POSTSCREEN_README.html revision 1.1.1.1.12.1
1 <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 "http://www.w3.org/TR/html4/loose.dtd"> 3 4 <head> 5 6 <title>Postfix Postscreen Howto</title> 7 8 <meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> 9 10 </head> 11 12 <body> 13 14 <h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix Postscreen Howto</h1> 15 16 <hr> 17 18 <h2> <a name="intro">Introduction</a> </h2> 19 20 <p> The Postfix <a href="postscreen.8.html">postscreen(8)</a> server performs triage on multiple 21 inbound SMTP connections at the same time. While a single <a href="postscreen.8.html">postscreen(8)</a> 22 process keeps zombies away from Postfix SMTP server processes, more 23 Postfix SMTP server processes remain available for legitimate 24 clients. </p> 25 26 <p> <a href="postscreen.8.html">postscreen(8)</a> maintains a temporary whitelist for clients that 27 pass its tests; by allowing whitelisted clients to skip tests, 28 <a href="postscreen.8.html">postscreen(8)</a> minimizes its impact on legitimate email traffic. 29 </p> 30 31 <p> <a href="postscreen.8.html">postscreen(8)</a> should not be used on SMTP ports that receive 32 mail from end-user clients (MUAs). In a typical deployment, 33 <a href="postscreen.8.html">postscreen(8)</a> is used on the "port 25" service, while MUA clients 34 submit mail via the submission service (port 587) which normally 35 requires client authentication, or via a "port 25" server that 36 provides no MX service (i.e. a dedicated server that provides 37 submission service on port 25). </p> 38 39 <p> <a href="postscreen.8.html">postscreen(8)</a> is part of a multi-layer defense. <p> 40 41 <ul> 42 43 <li> <p> As the first layer, <a href="postscreen.8.html">postscreen(8)</a> blocks connections from 44 zombies and other spambots that are responsible for about 90% of 45 all spam. It is implemented as a single process to make this defense 46 as cheap as possible. </p> 47 48 <li> <p> The second layer implements more complex SMTP-level access 49 checks with Postfix SMTP servers, policy daemons, and Milter 50 applications. </p> 51 52 <li> <p> The third layer performs light-weight content inspection 53 with the Postfix built-in <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>. This can 54 block unacceptable attachments such as executable programs, and 55 worms or viruses with easy-to-recognize signatures. </p> 56 57 <li> <p> The fourth layer provides heavy-weight content inspection 58 with external content filters. Typical examples are Amavisd-new, 59 SpamAssassin, and Milter applications. </p> 60 61 </ul> 62 63 <p> Each layer reduces the spam volume. The general strategy is to 64 use the less expensive defenses first, and to use the more expensive 65 defenses only for the spam that remains. </p> 66 67 <p> Topics in this document: </p> 68 69 <ul> 70 71 <li> <a href="#intro">Introduction</a> 72 73 <li> <a href="#basic">The basic idea behind postscreen(8)</a> 74 75 <li> <a href="#general"> General operation </a> 76 77 <li> <a href="#quick">Quick tests before everything else</a> 78 79 <li> <a href="#before_220"> Tests before the 220 SMTP server greeting </a> 80 81 <li> <a href="#after_220">Tests after the 220 SMTP server greeting</a> 82 83 <li> <a href="#other_error">Other errors</a> 84 85 <li> <a href="#victory">When all tests succeed</a> 86 87 <li> <a href="#config"> Configuring the postscreen(8) service</a> 88 89 <li> <a href="#historical"> Historical notes and credits </a> 90 91 </ul> 92 93 <h2> <a name="basic">The basic idea behind postscreen(8)</a> </h2> 94 95 <p> Most email is spam, and most spam is sent out by zombies (malware 96 on compromised end-user computers). Wietse expects that the zombie 97 problem will get worse before things improve, if ever. Without a 98 tool like <a href="postscreen.8.html">postscreen(8)</a> that keeps the zombies away, Postfix would be 99 spending most of its resources not receiving email. </p> 100 101 <p> The main challenge for <a href="postscreen.8.html">postscreen(8)</a> is to make an is-it-a-zombie 102 decision based on a single measurement. This is necessary because 103 many zombies try to fly under the radar and avoid spamming the same 104 site repeatedly. Once <a href="postscreen.8.html">postscreen(8)</a> decides that a client is 105 not-a-zombie, it whitelists the client temporarily to avoid further 106 delays for legitimate mail. </p> 107 108 <p> Zombies have challenges too: they have only a limited amount 109 of time to deliver spam before their IP address becomes blacklisted. 110 To speed up spam deliveries, zombies make compromises in their SMTP 111 protocol implementation. For example, they speak before their turn, 112 or they ignore responses from SMTP servers and continue sending 113 mail even when the server tells them to go away. </p> 114 115 <p> <a href="postscreen.8.html">postscreen(8)</a> uses a variety of measurements to recognize 116 zombies. First, <a href="postscreen.8.html">postscreen(8)</a> determines if the remote SMTP client 117 IP address is blacklisted. Second, <a href="postscreen.8.html">postscreen(8)</a> looks for protocol 118 compromises that are made to speed up delivery. These are good 119 indicators for making is-it-a-zombie decisions based on single 120 measurements. </p> 121 122 <p> <a href="postscreen.8.html">postscreen(8)</a> does not inspect message content. Message content 123 can vary from one delivery to the next, especially with clients 124 that (also) send legitimate email. Content is not a good indicator 125 for making is-it-a-zombie decisions based on single measurements, 126 and that is the problem that <a href="postscreen.8.html">postscreen(8)</a> is focused on. </p> 127 128 <h2> <a name="general"> General operation </a> </h2> 129 130 <p> The <a href="postscreen.8.html">postscreen(8)</a> triage process involves a number of tests, 131 in the order as described below. Some tests introduce a delay of 132 a few seconds. <a href="postscreen.8.html">postscreen(8)</a> maintains a temporary whitelist for 133 clients that pass its tests; by allowing whitelisted clients to 134 skip tests, <a href="postscreen.8.html">postscreen(8)</a> minimizes its impact on legitimate email 135 traffic. </p> 136 137 <p> By default, <a href="postscreen.8.html">postscreen(8)</a> hands off all connections to a Postfix 138 SMTP server process after logging its findings. This mode is useful 139 for non-destructive testing. </p> 140 141 <p> In a typical production setting, <a href="postscreen.8.html">postscreen(8)</a> is configured 142 to reject mail from clients that fail one or more tests, after 143 logging the helo, sender and recipient information. </p> 144 145 <p> Note: <a href="postscreen.8.html">postscreen(8)</a> is not an SMTP proxy; this is intentional. 146 The purpose is to keep zombies away from Postfix, with minimal 147 overhead for legitimate clients. </p> 148 149 <h2> <a name="quick">Quick tests before everything else</a> </h2> 150 151 <p> Before engaging in SMTP-level tests. <a href="postscreen.8.html">postscreen(8)</a> queries a 152 number of local black and whitelists. These tests speed up the 153 handling of known clients. </p> 154 155 <ul> 156 157 <li> <a href="#perm_white_black"> Permanent white/blacklist test </a> 158 159 <li> <a href="#temp_white"> Temporary whitelist test </a> 160 161 <li> <a href="#white_veto"> MX Policy test </a> 162 163 </ul> 164 165 <h3> <a name="perm_white_black"> Permanent white/blacklist test </a> </h3> 166 167 <p> The <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> parameter (default: <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>) 168 specifies a permanent access list for SMTP client IP addresses. Typically 169 one would specify something that whitelists local networks, followed 170 by a CIDR table for selective white- and blacklisting. </p> 171 172 <p> Example: </p> 173 174 <pre> 175 /etc/postfix/<a href="postconf.5.html">main.cf</a>: 176 <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, 177 <a href="cidr_table.5.html">cidr</a>:/etc/postfix/postscreen_access.cidr 178 179 /etc/postfix/postscreen_access.<a href="cidr_table.5.html">cidr</a>: 180 # Rules are evaluated in the order as specified. 181 # Blacklist 192.168.* except 192.168.0.1. 182 192.168.0.1 permit 183 192.168.0.0/16 reject 184 </pre> 185 186 <p> See the <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> manpage documentation for more 187 details. </p> 188 189 <p> When the SMTP client address matches a "permit" action, 190 <a href="postscreen.8.html">postscreen(8)</a> logs this with the client address and port number as: 191 </p> 192 193 <pre> 194 <b>WHITELISTED</b> <i>[address]:port</i> 195 </pre> 196 197 <p> The whitelist action is not configurable: immediately hand off the 198 connection to a Postfix SMTP server process. </p> 199 200 <p> When the SMTP client address matches a "reject" action, 201 <a href="postscreen.8.html">postscreen(8)</a> logs this with the client address and port number as: 202 </p> 203 204 <pre> 205 <b>BLACKLISTED</b> <i>[address]:port</i> 206 </pre> 207 208 <p> The <a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> parameter specifies the action 209 that is taken next. See "<a href="#fail_before_220">When tests 210 fail before the 220 SMTP server greeting</a>" below. </p> 211 212 <h3> <a name="temp_white"> Temporary whitelist test </a> </h3> 213 214 <p> The <a href="postscreen.8.html">postscreen(8)</a> daemon maintains a <i>temporary</i> 215 whitelist for SMTP client IP addresses that have passed all 216 the tests described below. The <a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> parameter 217 specifies the location of the temporary whitelist. The 218 temporary whitelist is not used for SMTP client addresses 219 that appear on the <i>permanent</i> access list. </p> 220 221 <blockquote> <p> NOTE: To share a <a href="postscreen.8.html">postscreen(8)</a> cache between 222 multiple <a href="postscreen.8.html">postscreen(8)</a> instances, use "<tt><a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> = 223 <a href="proxymap.8.html">proxy</a>:btree:$<a href="postconf.5.html#data_directory">data_directory</a>/postscreen_cache</tt>", and disable 224 cache cleanup (<a href="postconf.5.html#postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a> = 0) in all 225 <a href="postscreen.8.html">postscreen(8)</a> instances except one that is responsible for cache 226 cleanup. </p> <p> <a href="postscreen.8.html">postscreen(8)</a> cache sharing requires Postfix 2.9 227 or later; earlier <a href="proxymap.8.html">proxymap(8)</a> implementations don't support cache 228 cleanup. </p> <p> For an alternative <a href="postscreen.8.html">postscreen(8)</a> cache sharing 229 approach see the <a href="memcache_table.5.html">memcache_table(5)</a> manpage. </p> </blockquote> 230 231 <p> When the SMTP client address appears on the temporary 232 whitelist, <a href="postscreen.8.html">postscreen(8)</a> logs this with the client address and port 233 number as: </p> 234 235 <pre> 236 <b>PASS OLD</b> <i>[address]:port</i> 237 </pre> 238 239 <p> The action is not configurable: immediately hand off the 240 connection to a Postfix SMTP server process. The client is 241 excluded from further tests until its temporary whitelist 242 entry expires, as controlled with the postscreen_*_ttl 243 parameters. Expired entries are silently renewed if possible. </p> 244 245 <h3> <a name="white_veto"> MX Policy test </a> </h3> 246 247 <p> When the remote SMTP client is not on the static access list 248 or temporary whitelist, <a href="postscreen.8.html">postscreen(8)</a> can implement a number of 249 whitelist tests, before it grants the client a temporary whitelist 250 status that allows it to talk to a Postfix SMTP server process. </p> 251 252 <p> By listening on both primary and backup MX addresses, <a href="postscreen.8.html">postscreen(8)</a> 253 can deny the temporary whitelist status to clients that connect 254 only to backup MX hosts (an old spammer trick to take advantage of 255 backup MX hosts with weaker anti-spam policies than primary MX 256 hosts). </p> 257 258 <ul> 259 260 <li> <p> First, configure the host to listen on both primary and 261 backup MX addresses. Use the appropriate <tt>ifconfig</tt> command 262 for the local operating system, or update the appropriate configuration 263 files and "refresh" the network protocol stack. </p> 264 265 <li> <p> Then, configure <a href="postscreen.8.html">postscreen(8)</a> to deny the temporary whitelist 266 status on the backup MX address(es). An example for Wietse's 267 server is: </p> 268 269 <pre> 270 /etc/postfix/<a href="postconf.5.html">main.cf</a>: 271 <a href="postconf.5.html#postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a> = !168.100.189.8 <a href="DATABASE_README.html#types">static</a>:all 272 </pre> 273 274 <p> Translation: allow clients to obtain the temporary whitelist 275 status on all server IP addresses except 168.100.189.8, which is a 276 backup MX address. </p> 277 278 </ul> 279 280 <p> When a non-whitelisted client connects the backup MX address, 281 <a href="postscreen.8.html">postscreen(8)</a> logs this with the client address and port number as: 282 </p> 283 284 <pre> 285 <b>CONNECT from</b> <i>[address]:port</i> <b>to [168.100.189.8]:25</b> 286 <b>WHITELIST VETO</b> <i>[address]:port</i> 287 </pre> 288 289 <p> Translation: the client at <i>[address]:port</i> connected to 290 the backup MX address 168.100.189.8 while it was not whitelisted. 291 The client will not be granted the temporary whitelist status, even 292 if passes all the whitelist tests described below. </p> 293 294 <h2> <a name="before_220"> Tests before the 220 SMTP server greeting </a> </h2> 295 296 <p> The <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> parameter specifies a short time 297 interval before the "220 <i>text</i>..." server greeting, where 298 <a href="postscreen.8.html">postscreen(8)</a> can run a number of tests in parallel. </p> 299 300 <p> When a good client passes these tests, and no "<a 301 href="#after_220">deep protocol tests</a>" are configured, postscreen(8) 302 adds the client to the temporary whitelist and hands off the "live" 303 connection to a Postfix SMTP server process. The client can then 304 continue as if <a href="postscreen.8.html">postscreen(8)</a> never even existed (except of course 305 for the short <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> delay). </p> 306 307 <ul> 308 309 <li> <a href="#pregreet"> Pregreet test </a> 310 311 <li> <a href="#dnsbl"> DNS White/blacklist test </a> 312 313 <li> <a href="#fail_before_220">When tests fail before the 220 SMTP server greeting</a> 314 315 </ul> 316 317 <h3> <a name="pregreet"> Pregreet test </a> </h3> 318 319 <p> The SMTP protocol is a classic example of a protocol where the 320 server speaks before the client. <a href="postscreen.8.html">postscreen(8)</a> detects zombies 321 that are in a hurry and that speak before their turn. This test is 322 enabled by default. </p> 323 324 <p> The <a href="postconf.5.html#postscreen_greet_banner">postscreen_greet_banner</a> parameter specifies the <i>text</i> 325 portion of a "220-<i>text</i>..." teaser banner (default: $<a href="postconf.5.html#smtpd_banner">smtpd_banner</a>). 326 Note that this becomes the first part of a multi-line server greeting. 327 The <a href="postscreen.8.html">postscreen(8)</a> daemon sends this before the <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> 328 timer is started. The purpose of the teaser banner is to confuse 329 zombies so that they speak before their turn. It has no effect on 330 SMTP clients that correctly implement the protocol. </p> 331 332 <p> To avoid problems with poorly-implemented SMTP engines in network 333 appliances or network testing tools, either exclude them from all 334 tests with the <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> feature or else specify 335 an empty teaser banner: </p> 336 337 <pre> 338 /etc/postfix/<a href="postconf.5.html">main.cf</a>: 339 # Exclude broken clients by whitelisting. Clients in <a href="postconf.5.html#mynetworks">mynetworks</a> 340 # should always be whitelisted. 341 <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, 342 <a href="cidr_table.5.html">cidr</a>:/etc/postfix/postscreen_access.cidr 343 344 /etc/postfix/postscreen_access.<a href="cidr_table.5.html">cidr</a>: 345 192.168.254.0/24 permit 346 </pre> 347 348 <pre> 349 /etc/postfix/<a href="postconf.5.html">main.cf</a>: 350 # Disable the teaser banner (try whitelisting first if you can). 351 <a href="postconf.5.html#postscreen_greet_banner">postscreen_greet_banner</a> = 352 </pre> 353 354 <p> When an SMTP client sends a command before the 355 <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> time has elapsed, <a href="postscreen.8.html">postscreen(8)</a> logs this as: 356 </p> 357 358 <pre> 359 <b>PREGREET</b> <i>count</i> <b>after</b> <i>time</i> <b>from</b> <i>[address]:port text...</i> 360 </pre> 361 362 <p> Translation: the client at <i>[address]:port</i> sent <i>count</i> 363 bytes before its turn to speak. This happened <i>time</i> seconds 364 after the <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> timer was started. The <i>text</i> 365 is what the client sent (truncated to 100 bytes, and with non-printable 366 characters replaced with C-style escapes such as \r for carriage-return 367 and \n for newline). </p> 368 369 <p> The <a href="postconf.5.html#postscreen_greet_action">postscreen_greet_action</a> parameter specifies the action that 370 is taken next. See "<a href="#fail_before_220">When tests fail 371 before the 220 SMTP server greeting</a>" below. </p> 372 373 <h3> <a name="dnsbl"> DNS White/blacklist test </a> </h3> 374 375 <p> The <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> parameter (default: empty) specifies 376 a list of DNS blocklist servers with optional filters and weight 377 factors (positive weights for blacklisting, negative for whitelisting). 378 These servers will be queried in parallel with the reverse client 379 IP address. This test is disabled by default. </p> 380 381 <blockquote> 382 <p> 383 CAUTION: when postscreen rejects mail, its SMTP reply contains the 384 DNSBL domain name. Use the <a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> feature to 385 hide "password" information in DNSBL domain names. 386 </p> 387 </blockquote> 388 389 <p> When the <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> time has elapsed, and the combined 390 DNSBL score is equal to or greater than the <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a> 391 parameter value, <a href="postscreen.8.html">postscreen(8)</a> logs this as: </p> 392 393 <pre> 394 <b>DNSBL rank</b> <i>count</i> <b>for</b> <i>[address]:port</i> 395 </pre> 396 397 <p> Translation: the SMTP client at <i>[address]:port</i> has a combined 398 DNSBL score of <i>count</i>. </p> 399 400 <p> The <a href="postconf.5.html#postscreen_dnsbl_action">postscreen_dnsbl_action</a> parameter specifies the action that 401 is taken when the combined DNSBL score is equal to or greater than 402 the threshold. See "<a href="#fail_before_220">When tests fail 403 before the 220 SMTP server greeting</a>" below. </p> 404 405 <h3> <a name="fail_before_220">When tests fail before the 220 SMTP server greeting</a> </h3> 406 407 <p> When the client address matches the permanent blacklist, or 408 when the client fails the pregreet or DNSBL tests, the action is 409 specified with <a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a>, <a href="postconf.5.html#postscreen_greet_action">postscreen_greet_action</a>, 410 or <a href="postconf.5.html#postscreen_dnsbl_action">postscreen_dnsbl_action</a>, respectively. </p> 411 412 <dl> 413 414 <dt> <b>ignore</b> (default) </dt> 415 416 <dd> Ignore the failure of this test. Allow other tests to complete. 417 Repeat this test the next time the client connects. This option 418 is useful for testing and collecting statistics without blocking 419 mail. </dd> 420 421 <dt> <b>enforce</b> </dt> 422 423 <dd> Allow other tests to complete. Reject attempts to deliver mail 424 with a 550 SMTP reply, and log the helo/sender/recipient information. 425 Repeat this test the next time the client connects. </dd> 426 427 <dt> <b>drop</b> </dt> 428 429 <dd> Drop the connection immediately with a 521 SMTP reply. Repeat 430 this test the next time the client connects. </dd> 431 432 </dl> 433 434 <h2> <a name="after_220">Tests after the 220 SMTP server greeting</a> </h2> 435 436 <p> In this phase of the protocol, <a href="postscreen.8.html">postscreen(8)</a> implements a 437 number of "deep protocol" tests. These tests use an SMTP protocol 438 engine that is built into the <a href="postscreen.8.html">postscreen(8)</a> server. </p> 439 440 <p> Important note: deep protocol tests are disabled by default. 441 They are more intrusive than the pregreet and DNSBL tests, and they 442 have limitations as discussed next. </p> 443 444 <ul> 445 446 <li> <p> When a good client passes the <a href="#after_220">deep 447 protocol tests</a>, postscreen(8) adds the client to the temporary 448 whitelist but it cannot hand off the "live" connection to a Postfix 449 SMTP server process in the middle of the session. Instead, <a href="postscreen.8.html">postscreen(8)</a> 450 defers mail delivery attempts with a 4XX status, logs the 451 helo/sender/recipient information, and waits for the client to 452 disconnect. </p> 453 454 <p> The next time the client connects it will be allowed to talk 455 to a Postfix SMTP server process to deliver its mail. To minimize the 456 impact of this limitation, <a href="postscreen.8.html">postscreen(8)</a> gives deep protocol tests 457 a relatively long expiration time. </p> 458 459 <li> <p> <a href="postscreen.8.html">postscreen(8)</a>'s built-in SMTP engine does not implement 460 the AUTH, XCLIENT, and XFORWARD features. AUTH support may be added 461 in a future version. In the mean time, if you need to make these 462 services available on port 25, then do not enable the tests after 463 the 220 server greeting. </p> 464 465 </ul> 466 467 <p> End-user clients should connect directly to the submission 468 service, so that they never have to deal with <a href="postscreen.8.html">postscreen(8)</a>'s tests. 469 </p> 470 471 <ul> 472 473 <li> <a href="#pipelining">Command pipelining test</a> 474 475 <li> <a href="#non_smtp">Non-SMTP command test</a> 476 477 <li> <a href="#barelf">Bare newline test</a> 478 479 <li> <a href="#fail_after_220">When tests fail after the 220 SMTP server greeting</a> 480 481 </ul> 482 483 <h3> <a name="pipelining">Command pipelining test</a> </h3> 484 485 <p> By default, SMTP is a half-duplex protocol: the sender and 486 receiver send one command and one response at a time. Unlike the 487 Postfix SMTP server, <a href="postscreen.8.html">postscreen(8)</a> does not announce support 488 for ESMTP command pipelining. Therefore, clients are not allowed 489 to send multiple commands. postscreen(8)'s <a href="#after_220">deep 490 protocol test</a> for this is disabled by default. </p> 491 492 <p> With "<a href="postconf.5.html#postscreen_pipelining_enable">postscreen_pipelining_enable</a> = yes", <a href="postscreen.8.html">postscreen(8)</a> detects 493 zombies that send multiple commands, instead of sending one command 494 and waiting for the server to reply. </p> 495 496 <p> This test is opportunistically enabled when <a href="postscreen.8.html">postscreen(8)</a> has 497 to use the built-in SMTP engine anyway. This is to make <a href="postscreen.8.html">postscreen(8)</a> 498 logging more informative. </p> 499 500 <p> When a client sends multiple commands, <a href="postscreen.8.html">postscreen(8)</a> logs this 501 as: </p> 502 503 <pre> 504 <b>COMMAND PIPELINING from</b> <i>[address]:port</i> <b>after</b> <i>command</i>: <i>text</i> 505 </pre> 506 507 <p> Translation: the SMTP client at <i>[address]:port</i> sent 508 multiple SMTP commands, instead of sending one command and then 509 waiting for the server to reply. This happened after the client 510 sent <i>command</i>. The <i>text</i> shows part of the input that 511 was sent too early; it is not logged with Postfix 2.8. </p> 512 513 <p> The <a href="postconf.5.html#postscreen_pipelining_action">postscreen_pipelining_action</a> parameter specifies the action 514 that is taken next. See "<a href="#fail_after_220">When tests fail 515 after the 220 SMTP server greeting</a>" below. </p> 516 517 <h3> <a name="non_smtp">Non-SMTP command test</a> </h3> 518 519 <p> Some spambots send their mail through open proxies. A symptom 520 of this is the usage of commands such as CONNECT and other non-SMTP 521 commands. Just like the Postfix SMTP server's <a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a> 522 feature, <a href="postscreen.8.html">postscreen(8)</a> has an equivalent <a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a> 523 feature to block these clients. postscreen(8)'s <a href="#after_220">deep 524 protocol test</a> for this is disabled by default. </p> 525 526 <p> With "<a href="postconf.5.html#postscreen_non_smtp_command_enable">postscreen_non_smtp_command_enable</a> = yes", <a href="postscreen.8.html">postscreen(8)</a> 527 detects zombies that send commands specified with the 528 <a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a> parameter. This also detects commands 529 with the syntax of a message header label. The latter is a symptom 530 that the client is sending message content after ignoring all the 531 responses from <a href="postscreen.8.html">postscreen(8)</a> that reject mail. </p> 532 533 <p> This test is opportunistically enabled when <a href="postscreen.8.html">postscreen(8)</a> has 534 to use the built-in SMTP engine anyway. This is to make <a href="postscreen.8.html">postscreen(8)</a> 535 logging more informative. </p> 536 537 <p> When a client sends non-SMTP commands, <a href="postscreen.8.html">postscreen(8)</a> logs this 538 as: </p> 539 540 <pre> 541 <b>NON-SMTP COMMAND from</b> <i>[address]:port command</i> 542 </pre> 543 544 <p> Translation: the SMTP client at <i>[address]:port</i> sent a 545 <i>command</i> that matches the <a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a> 546 parameter, or that has the syntax of a message header label. </p> 547 548 <p> The <a href="postconf.5.html#postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a> parameter specifies 549 the action that is taken next. See "<a href="#fail_after_220">When 550 tests fail after the 220 SMTP server greeting</a>" below. </p> 551 552 <h3> <a name="barelf">Bare newline test</a> </h3> 553 554 <p> SMTP is a line-oriented protocol: lines have a limited length, 555 and are terminated with <CR><LF>. Lines ending in a 556 "bare" <LF>, that is newline not preceded by carriage return, 557 are not allowed in SMTP. postscreen(8)'s <a href="#after_220">deep 558 protocol test</a> for this is disabled by default. </p> 559 560 <p> With "<a href="postconf.5.html#postscreen_bare_newline_enable">postscreen_bare_newline_enable</a> = yes", <a href="postscreen.8.html">postscreen(8)</a> 561 detects clients that send lines ending in bare newline characters. 562 </p> 563 564 <p> This test is opportunistically enabled when <a href="postscreen.8.html">postscreen(8)</a> has 565 to use the built-in SMTP engine anyway. This is to make <a href="postscreen.8.html">postscreen(8)</a> 566 logging more informative. </p> 567 568 <p> When a client sends bare newline characters, <a href="postscreen.8.html">postscreen(8)</a> logs 569 this as: 570 </p> 571 572 <pre> 573 <b>BARE NEWLINE from</b> <i>[address]:port</i> 574 </pre> 575 576 <p> Translation: the SMTP client at <i>[address]:port</i> sent a bare 577 newline character, that is newline not preceded by carriage 578 return. </p> 579 580 <p> The <a href="postconf.5.html#postscreen_bare_newline_action">postscreen_bare_newline_action</a> parameter specifies the 581 action that is taken next. See "<a href="#fail_after_220">When 582 tests fail after the 220 SMTP server greeting</a>" below. </p> 583 584 <h3> <a name="fail_after_220">When tests fail after the 220 SMTP server greeting</a> </h3> 585 586 <p> When the client fails the pipelining, non-SMTP command or bare 587 newline tests, the action is specified with <a href="postconf.5.html#postscreen_pipelining_action">postscreen_pipelining_action</a>, 588 <a href="postconf.5.html#postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a> or <a href="postconf.5.html#postscreen_bare_newline_action">postscreen_bare_newline_action</a>, 589 respectively. </p> 590 591 <dl> 592 593 <dt> <b>ignore</b> (default for bare newline) </dt> 594 595 <dd> Ignore the failure of this test. Allow other tests to complete. 596 Do NOT repeat this test before the result from some other test 597 expires. 598 599 This option is useful for testing and collecting statistics without 600 blocking mail permanently. </dd> 601 602 <dt> <b>enforce</b> (default for pipelining) </dt> 603 604 <dd> Allow other tests to complete. Reject attempts to deliver 605 mail with a 550 SMTP reply, and log the helo/sender/recipient 606 information. Repeat this test the next time the client connects. 607 </dd> 608 609 <dt> <b>drop</b> (default for non-SMTP commands) </dt> 610 611 <dd> Drop the connection immediately with a 521 SMTP reply. Repeat 612 this test the next time the client connects. This action is 613 compatible with the Postfix SMTP server's <a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a> 614 feature. </dd> 615 616 </dl> 617 618 <h2> <a name="other_error">Other errors</a> </h2> 619 620 <p> When an SMTP client hangs up unexpectedly, <a href="postscreen.8.html">postscreen(8)</a> logs 621 this as: </p> 622 623 <pre> 624 <b>HANGUP after</b> <i>time</i> <b>from</b> <i>[address]:port</i> <b>in</b> <i>test name</i> 625 </pre> 626 627 <p> Translation: the SMTP client at <i>[address]:port</i> disconnected 628 unexpectedly, <i>time</i> seconds after the start of the 629 test named <i>test name</i>. </p> 630 631 <p> There is no punishment for hanging up. A client that hangs up 632 without sending the QUIT command can still pass all <a href="postscreen.8.html">postscreen(8)</a> 633 tests. </p> 634 635 <!-- 636 637 <p> While an unexpired penalty is in effect, an SMTP client is not 638 allowed to pass any tests, and <a href="postscreen.8.html">postscreen(8)</a> logs each connection 639 with the remaining amount of penalty time as: </p> 640 641 <pre> 642 <b>PENALTY</b> <i>time</i> <b>for</b> <i>[address]:port</i> 643 </pre> 644 645 <p> During this time, all attempts by the client to deliver mail 646 will be deferred with a 450 SMTP status. </p> 647 648 --> 649 650 <p> The following errors are reported by the built-in SMTP engine. 651 This engine never accepts mail, therefore it has per-session limits 652 on the number of commands and on the session length. </p> 653 654 <pre> 655 <b>COMMAND TIME LIMIT</b> <b>from</b> <i>[address]:port</i> 656 </pre> 657 658 <p> Translation: the SMTP client at <i>[address]:port</i> reached the 659 per-command time limit as specified with the <a href="postconf.5.html#postscreen_command_time_limit">postscreen_command_time_limit</a> 660 parameter. The session is terminated immediately. </p> 661 662 <pre> 663 <b>COMMAND COUNT LIMIT from</b> <i>[address]:port</i> 664 </pre> 665 666 <p> Translation: the SMTP client at <i>[address]:port</i> reached the 667 per-session command count limit as specified with the 668 <a href="postconf.5.html#postscreen_command_count_limit">postscreen_command_count_limit</a> parameter. The session is terminated 669 immediately. </p> 670 671 <pre> 672 <b>COMMAND LENGTH LIMIT from</b> <i>[address]:port</i> 673 </pre> 674 675 <p> Translation: the SMTP client at <i>[address]:port</i> reached the 676 per-command length limit, as specified with the <a href="postconf.5.html#line_length_limit">line_length_limit</a> 677 parameter. The session is terminated immediately. </p> 678 679 <p> When an SMTP client makes too many connections at the same time, 680 or when all <a href="postscreen.8.html">postscreen(8)</a> ports are busy, <a href="postscreen.8.html">postscreen(8)</a> rejects the 681 connection with a 421 status code and logs: </p> 682 683 <pre> 684 <b>NOQUEUE: reject: CONNECT from</b> <i>[address]:port</i><b>: too many connections</b> 685 <b>NOQUEUE: reject: CONNECT from</b> <i>[address]:port</i><b>: all server ports busy</b> 686 </pre> 687 688 <p> The <a href="postconf.5.html#postscreen_client_connection_count_limit">postscreen_client_connection_count_limit</a> and 689 <a href="postconf.5.html#postscreen_pre_queue_limit">postscreen_pre_queue_limit</a> parameters control these limits. </p> 690 691 <h2> <a name="victory">When all tests succeed</a> </h2> 692 693 <p> When a new SMTP client passes all tests (i.e. it is not whitelisted 694 via some mechanism), <a href="postscreen.8.html">postscreen(8)</a> logs this as: </p> 695 696 <pre> 697 <b>PASS NEW</b> <i>[address]:port</i> 698 </pre> 699 700 <p> Where <i>[address]:port</i> are the client IP address and port. 701 Then, <a href="postscreen.8.html">postscreen(8)</a> 702 creates a temporary whitelist entry that excludes the client IP 703 address from further tests until the temporary whitelist entry 704 expires, as controlled with the postscreen_*_ttl parameters. </p> 705 706 <p> When no "<a href="#after_220">deep protocol tests</a>" are 707 configured, <a href="postscreen.8.html">postscreen(8)</a> hands off the "live" connection to a Postfix 708 SMTP server process. The client can then continue as if <a href="postscreen.8.html">postscreen(8)</a> 709 never even existed (except for the short <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> delay). 710 </p> 711 712 <p> When any "<a href="#after_220">deep protocol tests</a>" are 713 configured, <a href="postscreen.8.html">postscreen(8)</a> cannot hand off the "live" connection to 714 a Postfix SMTP server process in the middle of the session. Instead, 715 <a href="postscreen.8.html">postscreen(8)</a> defers mail delivery attempts with a 4XX status, logs 716 the helo/sender/recipient information, and waits for the client to 717 disconnect. The next time the client connects it will be allowed 718 to talk to a Postfix SMTP server process to deliver its mail. 719 <a href="postscreen.8.html">postscreen(8)</a> mitigates the impact of this limitation by giving 720 <a href="#after_220">deep protocol tests</a> a long expiration 721 time. </p> 722 723 <h2> <a name="config"> Configuring the postscreen(8) service</a> 724 </h2> 725 726 <p> <a href="postscreen.8.html">postscreen(8)</a> has been tested on FreeBSD [4-8], Linux 2.[4-6] 727 and Solaris 9 systems. </p> 728 729 <ul> 730 731 <li> <a href="#enable"> Turning on postscreen(8) without blocking 732 mail</a> 733 734 <li> <a href="#starttls"> postscreen(8) TLS configuration </a> 735 736 <li> <a href="#blocking"> Blocking mail with postscreen(8) </a> 737 738 <li> <a href="#turnoff"> Turning off postscreen(8) </a> 739 740 </ul> 741 742 <h3> <a name="enable"> Turning on postscreen(8) without blocking mail</a> </h3> 743 744 <p> To enable the <a href="postscreen.8.html">postscreen(8)</a> service and log client information 745 without blocking mail: </p> 746 747 <ol> 748 749 <li> <p> Make sure that local clients and systems with non-standard 750 SMTP implementations are excluded from any <a href="postscreen.8.html">postscreen(8)</a> tests. The 751 default is to exclude all clients in <a href="postconf.5.html#mynetworks">mynetworks</a>. To exclude additional 752 clients, for example, third-party performance monitoring tools (these 753 tend to have broken SMTP implementations): </p> 754 755 <pre> 756 /etc/postfix/<a href="postconf.5.html">main.cf</a>: 757 # Exclude broken clients by whitelisting. Clients in <a href="postconf.5.html#mynetworks">mynetworks</a> 758 # should always be whitelisted. 759 <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, 760 <a href="cidr_table.5.html">cidr</a>:/etc/postfix/postscreen_access.cidr 761 762 /etc/postfix/postscreen_access.<a href="cidr_table.5.html">cidr</a>: 763 192.168.254.0/24 permit 764 </pre> 765 766 <li> <p> Comment out the "<tt>smtp inet ... smtpd</tt>" service 767 in <a href="master.5.html">master.cf</a>, including any "<tt>-o parameter=value</tt>" entries 768 that follow. </p> 769 770 <pre> 771 /etc/postfix/<a href="master.5.html">master.cf</a>: 772 #smtp inet n - n - - smtpd 773 # -o parameter=value ... 774 </pre> 775 776 <li> <p> Uncomment the new "<tt>smtpd pass ... smtpd</tt>" service 777 in <a href="master.5.html">master.cf</a>, and duplicate any "<tt>-o parameter=value</tt>" entries 778 from the smtpd service that was commented out in the previous step. 779 </p> 780 781 <pre> 782 /etc/postfix/<a href="master.5.html">master.cf</a>: 783 smtpd pass - - n - - smtpd 784 -o parameter=value ... 785 </pre> 786 787 <li> <p> Uncomment the new "<tt>smtp inet ... postscreen</tt>" 788 service in <a href="master.5.html">master.cf</a>. </p> 789 790 <pre> 791 /etc/postfix/<a href="master.5.html">master.cf</a>: 792 smtp inet n - n - 1 postscreen 793 </pre> 794 795 <li> <p> Uncomment the new "<tt>tlsproxy unix ... tlsproxy</tt>" 796 service in <a href="master.5.html">master.cf</a>. This service implements STARTTLS support for 797 <a href="postscreen.8.html">postscreen(8)</a>. </p> 798 799 <pre> 800 /etc/postfix/<a href="master.5.html">master.cf</a>: 801 tlsproxy unix - - n - 0 tlsproxy 802 </pre> 803 804 <li> <p> Uncomment the new "<tt>dnsblog unix ... dnsblog</tt>" 805 service in <a href="master.5.html">master.cf</a>. This service does DNSBL lookups for <a href="postscreen.8.html">postscreen(8)</a> 806 and logs results. </p> 807 808 <pre> 809 /etc/postfix/<a href="master.5.html">master.cf</a>: 810 dnsblog unix - - n - 0 dnsblog 811 </pre> 812 813 <li> <p> To enable DNSBL lookups, list some DNS blocklist sites in 814 <a href="postconf.5.html">main.cf</a>, separated by whitespace. Different sites can have different 815 weights. For example: 816 817 <pre> 818 /etc/postfix/<a href="postconf.5.html">main.cf</a>: 819 <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a> = 2 820 <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> = zen.spamhaus.org*2 821 bl.spamcop.net*1 b.barracudacentral.org*1 822 </pre> 823 824 <p> Note: if your DNSBL queries have a "secret" in the domain name, 825 you must censor this information from the <a href="postscreen.8.html">postscreen(8)</a> SMTP replies. 826 For example: </p> 827 828 <pre> 829 /etc/postfix/<a href="postconf.5.html">main.cf</a>: 830 <a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> = <a href="DATABASE_README.html#types">texthash</a>:/etc/postfix/dnsbl_reply 831 </pre> 832 833 <pre> 834 /etc/postfix/dnsbl_reply: 835 # Secret DNSBL name Name in <a href="postscreen.8.html">postscreen(8)</a> replies 836 secret.zen.spamhaus.org zen.spamhaus.org 837 </pre> 838 839 <p> The <a href="DATABASE_README.html#types">texthash</a>: format is similar to hash: except that there is 840 no need to run <a href="postmap.1.html">postmap(1)</a> before the file can be used, and that it 841 does not detect changes after the file is read. It is new with 842 Postfix version 2.8. </p> 843 844 <li> <p> Read the new configuration with "<tt>postfix reload</tt>". 845 </p> 846 847 </ol> 848 849 <p> Notes: </p> 850 851 <ul> 852 853 <li> <p> Some <a href="postscreen.8.html">postscreen(8)</a> configuration parameters implement 854 stress-dependent behavior. This is supported only when the default 855 value is stress-dependent (that is, "postconf -d <i>parametername</i>" 856 output shows "<i>parametername</i> = 857 ${stress?<i>something</i>}${stress:<i>something</i>}"). 858 Other parameters always evaluate as if the stress value is the empty 859 string. </p> 860 861 <li> <p> See "<a href="#before_220">Tests before the 220 SMTP server 862 greeting</a>" for details about the logging from these postscreen(8) 863 tests. </p> 864 865 <li> <p> If you run Postfix 2.6 or earlier you must stop and start 866 the master daemon ("<tt>postfix stop; postfix start</tt>"). This 867 is needed because the Postfix "pass" master service type did not 868 work reliably on all systems. </p> 869 870 </ul> 871 872 <h3> <a name="starttls"> postscreen(8) TLS configuration </a> </h3> 873 874 <p> <a href="postscreen.8.html">postscreen(8)</a> TLS support is available for remote SMTP clients 875 that aren't whitelisted, including clients that need to renew their 876 temporary whitelist status. When a remote SMTP client requests TLS 877 service, <a href="postscreen.8.html">postscreen(8)</a> invisibly hands off the connection to a 878 <a href="tlsproxy.8.html">tlsproxy(8)</a> process. Then, <a href="tlsproxy.8.html">tlsproxy(8)</a> encrypts and decrypts the 879 traffic between <a href="postscreen.8.html">postscreen(8)</a> and the remote SMTP client. One 880 <a href="tlsproxy.8.html">tlsproxy(8)</a> process can handle multiple SMTP sessions. The number 881 of <a href="tlsproxy.8.html">tlsproxy(8)</a> processes slowly increases with server load, but it 882 should always be much smaller than the number of <a href="postscreen.8.html">postscreen(8)</a> TLS 883 sessions. </p> 884 885 <p> TLS support for <a href="postscreen.8.html">postscreen(8)</a> and <a href="tlsproxy.8.html">tlsproxy(8)</a> uses the same 886 parameters as with <a href="smtpd.8.html">smtpd(8)</a>. We recommend that you keep the relevant 887 configuration parameters in <a href="postconf.5.html">main.cf</a>. If you must specify "-o 888 smtpd_mumble=value" parameter overrides in <a href="master.5.html">master.cf</a> for a 889 postscreen-protected <a href="smtpd.8.html">smtpd(8)</a> service, then you should specify those 890 same parameter overrides for the <a href="postscreen.8.html">postscreen(8)</a> and <a href="tlsproxy.8.html">tlsproxy(8)</a> 891 services. </p> 892 893 <h3> <a name="blocking"> Blocking mail with postscreen(8) </a> </h3> 894 895 <p> For compatibility with <a href="smtpd.8.html">smtpd(8)</a>, <a href="postscreen.8.html">postscreen(8)</a> implements the 896 <a href="postconf.5.html#soft_bounce">soft_bounce</a> safety feature. This causes Postfix to reject mail with 897 a "try again" reply code. </p> 898 899 <ul> 900 901 <li> <p> To turn this on for all of Postfix, specify "<tt><a href="postconf.5.html#soft_bounce">soft_bounce</a> 902 = yes</tt>" in <a href="postconf.5.html">main.cf</a>. </p> 903 904 <li> <p> To turn this on for <a href="postscreen.8.html">postscreen(8)</a> only, append "<tt>-o 905 <a href="postconf.5.html#soft_bounce">soft_bounce</a>=yes</tt>" (note: NO SPACES around '=') to the postscreen 906 entry in <a href="master.5.html">master.cf</a>. <p> 907 908 </ul> 909 910 <p> Execute "<tt>postfix reload</tt>" to make the change effective. </p> 911 912 <p> After testing, do not forget to remove the <a href="postconf.5.html#soft_bounce">soft_bounce</a> feature, 913 otherwise senders won't receive their non-delivery notification 914 until many days later. </p> 915 916 <p> To use the <a href="postscreen.8.html">postscreen(8)</a> service to block mail, edit <a href="postconf.5.html">main.cf</a> and 917 specify one or more of: </p> 918 919 <ul> 920 921 <li> <p> "<tt><a href="postconf.5.html#postscreen_dnsbl_action">postscreen_dnsbl_action</a> = enforce</tt>", to reject 922 clients that are on DNS blocklists, and to log the helo/sender/recipient 923 information. With good DNSBLs this reduces the amount of load on 924 Postfix SMTP servers dramatically. </p> 925 926 <li> <p> "<tt><a href="postconf.5.html#postscreen_greet_action">postscreen_greet_action</a> = enforce</tt>", to reject 927 clients that talk before their turn, and to log the helo/sender/recipient 928 information. This stops over half of all known-to-be illegitimate 929 connections to Wietse's mail server. It is backup protection for 930 zombies that haven't yet been blacklisted. </p> 931 932 <li> <p> You can also enable "<a href="#after_220">deep protocol 933 tests</a>", but these are more intrusive than the pregreet or DNSBL 934 tests. </p> 935 936 <p> When a good client passes the "<a href="#after_220">deep 937 protocol tests</a>", postscreen(8) adds the client to the temporary 938 whitelist but it cannot hand off the "live" connection to a Postfix 939 SMTP server process in the middle of the session. Instead, <a href="postscreen.8.html">postscreen(8)</a> 940 defers mail delivery attempts with a 4XX status, logs the 941 helo/sender/recipient information, and waits for the client to 942 disconnect. </p> 943 944 <p> When the good client comes back in a later session, it is allowed 945 to talk directly to a Postfix SMTP server. See "after_220 <a 946 href="#after_220">Tests after the 220 SMTP server greeting</a> above 947 for limitations with AUTH and other features that clients may need. 948 </p> 949 950 <p> An unexpected benefit from "<a href="#after_220">deep protocol 951 tests</a>" is that some "good" clients don't return after the 4XX 952 reply; these clients were not so good after all. Wietse enables 953 "<a href="#after_220">deep protocol tests</a>" on his own internet-facing 954 mail server. </p> 955 956 <li> <p> There is also support for permanent blacklisting and 957 whitelisting; see the description of the <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> 958 parameter for details. </p> 959 960 </ul> 961 962 <h3> <a name="turnoff"> Turning off postscreen(8) </a> </h3> 963 964 <p> To turn off <a href="postscreen.8.html">postscreen(8)</a> and handle mail directly with Postfix 965 SMTP server processes: </p> 966 967 <ol> 968 969 <li> <p> Comment out the "<tt>smtp inet ... postscreen</tt>" service 970 in <a href="master.5.html">master.cf</a>, including any "<tt>-o parameter=value</tt>" entries 971 that follow. </p> 972 973 <pre> 974 /etc/postfix/<a href="master.5.html">master.cf</a>: 975 #smtp inet n - n - 1 postscreen 976 # -o parameter=value ... 977 </pre> 978 979 <li> <p> Comment out the "<tt>dnsblog unix ... dnsblog</tt>" service 980 in <a href="master.5.html">master.cf</a>. </p> 981 982 <pre> 983 /etc/postfix/<a href="master.5.html">master.cf</a>: 984 #dnsblog unix - - n - 0 dnsblog 985 </pre> 986 987 <li> <p> Comment out the "<tt>smtpd pass ... smtpd</tt>" service 988 in <a href="master.5.html">master.cf</a>, including any "<tt>-o parameter=value</tt>" entries 989 that follow. </p> 990 991 <pre> 992 /etc/postfix/<a href="master.5.html">master.cf</a>: 993 #smtpd pass - - n - - smtpd 994 # -o parameter=value ... 995 </pre> 996 997 <li> <p> Comment out the "<tt>tlsproxy unix ... tlsproxy</tt>" 998 service in <a href="master.5.html">master.cf</a>, including any "<tt>-o parameter=value</tt>" 999 entries that follow. </p> 1000 1001 <pre> 1002 /etc/postfix/<a href="master.5.html">master.cf</a>: 1003 #tlsproxy unix - - n - 0 tlsproxy 1004 # -o parameter=value ... 1005 </pre> 1006 1007 <li> <p> Uncomment the "<tt>smtp inet ... smtpd</tt>" service in 1008 <a href="master.5.html">master.cf</a>, including any "<tt>-o parameter=value</tt>" entries that 1009 may follow. </p> 1010 1011 <pre> 1012 /etc/postfix/<a href="master.5.html">master.cf</a>: 1013 smtp inet n - n - - smtpd 1014 -o parameter=value ... 1015 </pre> 1016 1017 <li> <p> Read the new configuration with "<tt>postfix reload</tt>". 1018 </p> 1019 1020 </ol> 1021 1022 <h2> <a name="historical"> Historical notes and credits </a> </h2> 1023 1024 <p> Many ideas in <a href="postscreen.8.html">postscreen(8)</a> were explored in earlier work by 1025 Michael Tokarev, in OpenBSD spamd, and in MailChannels Traffic 1026 Control. </p> 1027 1028 <p> Wietse threw together a crude prototype with pregreet and dnsbl 1029 support in June 2009, because he needed something new for a Mailserver 1030 conference presentation in July. Ralf Hildebrandt ran this code on 1031 several servers to collect real-world statistics. This version used 1032 the <a href="dnsblog.8.html">dnsblog(8)</a> ad-hoc DNS client program. </p> 1033 1034 <p> Wietse needed new material for a LISA conference presentation 1035 in November 2010, so he added support for DNSBL weights and filters 1036 in August, followed by a major code rewrite, deep protocol tests, 1037 helo/sender/recipient logging, and stress-adaptive behavior in 1038 September. Ralf Hildebrandt ran this code on several servers to 1039 collect real-world statistics. This version still used the embarrassing 1040 <a href="dnsblog.8.html">dnsblog(8)</a> ad-hoc DNS client program. </p> 1041 1042 <p> Wietse added STARTTLS support in December 2010. This makes 1043 <a href="postscreen.8.html">postscreen(8)</a> usable for sites that require TLS support. The 1044 implementation introduces the <a href="tlsproxy.8.html">tlsproxy(8)</a> event-driven TLS proxy 1045 that decrypts/encrypts the sessions for multiple SMTP clients. </p> 1046 1047 </body> 1048 1049 </html> 1050 1051
Indexes created Sun Jun 07 00:24:08 UTC 2026