Cleanup: postscreen now logs CONNECT and DISCONNECT events.
Files: postscreen/postscreen.c, postscreen/postscreen_misc.c.
+
+20100917
+
+ Bugfix: cut-and-paste error. Postscreen used pregreet_ttl
+ instead of dnsbnl_ttl. File: postscreen/postscreen_early.c.
/etc/postfix/main.cf:
postscreen_dnsbl_threshold = 2
- postscreen_dnsbl_sites = zen.spamhaus.org*2 example.com*1 example.net*1
+ postscreen_dnsbl_sites = zen.spamhaus.org*2
+ bl.spamcop.net*1 b.barracudacentral.org*1
Note: if your DNSBL queries have a "secret" in the domain name, you must
censor this information from the postscreen(8) SMTP replies. For example:
major code rewrite, deep protocol tests, helo/sender/recipient logging, and
stress-adaptive behavior in September. Ralf Hildebrandt ran this code on
several servers to collect real-world statistics. This version still used the
-same delay for pregreet and DNSBL tests, as well as the embarrassing dnsblog(8)
-ad-hoc DNS client.
+embarrassing dnsblog(8) ad-hoc DNS client program.
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a> = 2
- <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> = zen.spamhaus.org*2 example.com*1 example.net*1
+ <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> = zen.spamhaus.org*2
+ bl.spamcop.net*1 b.barracudacentral.org*1
</pre>
<p> Note: if your DNSBL queries have a "secret" in the domain name,
in August, followed by a major code rewrite, deep protocol tests,
helo/sender/recipient logging, and stress-adaptive behavior in
September. Ralf Hildebrandt ran this code on several servers to
-collect real-world statistics. This version still used the same
-delay for pregreet and DNSBL tests, as well as the embarrassing
-<a href="dnsblog.8.html">dnsblog(8)</a> ad-hoc DNS client. </p>
+collect real-world statistics. This version still used the embarrassing
+<a href="dnsblog.8.html">dnsblog(8)</a> ad-hoc DNS client program. </p>
</body>
<pre>
/etc/postfix/main.cf:
postscreen_dnsbl_threshold = 2
- postscreen_dnsbl_sites = zen.spamhaus.org*2 example.com*1 example.net*1
+ postscreen_dnsbl_sites = zen.spamhaus.org*2
+ bl.spamcop.net*1 b.barracudacentral.org*1
</pre>
<p> Note: if your DNSBL queries have a "secret" in the domain name,
in August, followed by a major code rewrite, deep protocol tests,
helo/sender/recipient logging, and stress-adaptive behavior in
September. Ralf Hildebrandt ran this code on several servers to
-collect real-world statistics. This version still used the same
-delay for pregreet and DNSBL tests, as well as the embarrassing
-dnsblog(8) ad-hoc DNS client. </p>
+collect real-world statistics. This version still used the embarrassing
+dnsblog(8) ad-hoc DNS client program. </p>
</body>
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20100917"
+#define MAIL_RELEASE_DATE "20100918"
#define MAIL_VERSION_NUMBER "2.8"
#ifdef SNAPSHOT
dnsbl_score =
ps_dnsbl_retrieve(state->smtp_client_addr, &dnsbl_name);
if (dnsbl_score < var_ps_dnsbl_thresh) {
- state->dnsbl_stamp = event_time() + var_ps_pregr_ttl;
+ state->dnsbl_stamp = event_time() + var_ps_dnsbl_ttl;
PS_PASS_SESSION_STATE(state, "dnsbl test",
PS_STATE_FLAG_DNSBL_PASS);
} else {
projects / thirdparty / postfix.git / commitdiff
