Loading ...
Sorry, an error occurred while loading the content.

Re: RBL 'weighting'?

Expand Messages
  • Miha Valencic
    So, since we need some features of policyd as well (rate limiting, for instance), and we re already using amavis, do we chain postfwd before policyd or
    Message 1 of 10 , Dec 17, 2012
    • 0 Attachment
      So, since we need some features of policyd as well (rate limiting, for
      instance), and we're already using amavis, do we chain postfwd before
      policyd or vice-versa?

      Thanks,
      Miha.

      On Mon, Dec 17, 2012 at 4:47 PM, Henrik K <hege@...> wrote:
      > Policyd-weight is deprecated and doesn't even have async DNS lookups etc.
      > Postfwd has replaced all that.
    • Noel Jones
      ... postfwd does rate limiting, and many other features. Maybe you can consolidate everything into postfwd. Additionally, rate limiting is typically done on
      Message 2 of 10 , Dec 17, 2012
      • 0 Attachment
        On 12/17/2012 10:52 AM, Miha Valencic wrote:
        > So, since we need some features of policyd as well (rate limiting, for
        > instance), and we're already using amavis, do we chain postfwd before
        > policyd or vice-versa?
        >
        > Thanks,
        > Miha.


        postfwd does rate limiting, and many other features. Maybe you can
        consolidate everything into postfwd.

        Additionally, rate limiting is typically done on outgoing mail,
        while RBL checks are typically for inbound mail. This might be a
        good time to investigate multiple postfix instances to separate your
        traffic flow.
        http://www.postfix.org/MULTI_INSTANCE_README.html

        Anyway, to answer your question about which to use first; it
        probably doesn't matter. Rule-of-thumb is to put less expensive
        checks first -- that suggests rate limits with local table lookups
        first, then the more time-consuming RBL lookups next. But in this
        situation it probably doesn't make much difference since they are
        checking different mail flows.




        -- Noel Jones
      • Miha Valencic
        ... We ll take a deeper look at postfwd for that. ... True. But there are some specific requirements (beyond my understanding :(). But if the setup will not be
        Message 3 of 10 , Dec 17, 2012
        • 0 Attachment
          On Mon, Dec 17, 2012 at 7:13 PM, Noel Jones <njones@...> wrote:
          > postfwd does rate limiting, and many other features. Maybe you can
          > consolidate everything into postfwd.

          We'll take a deeper look at postfwd for that.

          > Additionally, rate limiting is typically done on outgoing mail,

          True. But there are some specific requirements (beyond my
          understanding :(). But if the setup will not be identical, we'll have
          to look into the multi-postfix setup again.

          Miha
        • /dev/rob0
          ... Actually not. You could build 2.8 and bring in the postscreen and dnsblog executables and master.cf configuration; this should work according to:
          Message 4 of 10 , Dec 17, 2012
          • 0 Attachment
            On Mon, Dec 17, 2012 at 04:01:58PM +0100, Miha Valencic wrote:
            > We're using postfix 2.7, so postscreen is out.

            Actually not. You could build 2.8 and bring in the postscreen and
            dnsblog executables and master.cf configuration; this should work
            according to:

            http://www.postfix.org/announcements/postfix-2.7.0.html

            But then, you might as well just build and use 2.9.
            --
            http://rob0.nodns4.us/ -- system administration and consulting
            Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
          Your message has been successfully submitted and would be delivered to recipients shortly.