Re: [PLUG] Postscreen (another tool for helping to minimize the effect o

ac on 24 Oct 2016 13:36:58 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Postscreen (another tool for helping to minimize the effect of spam)

From: ac <ac@main.me>
To: "Keith C. Perry" <kperry@daotechnologies.com>
Subject: Re: [PLUG] Postscreen (another tool for helping to minimize the effect of spam)
Date: Mon, 24 Oct 2016 22:36:46 +0200
Cc: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=main.me; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:References: In-Reply-To:Subject:Cc:To:From:Date:Sender:Reply-To:Message-ID:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=Dq3TrDf3CFu41qWrnuRmqxNobsKYDXjLMJz8SCwRGQE=; b=SZ/g3pdeD2rI4mA/RkErLpXosX vuEDOs77oMTDUuOkFFi/6kS9mtdCOjAmy+QR3rhaiT6OclFy7xkuA9pU+N7iq8oJLZbR9IK3alEN8 bBVnCCAm/maLsL7eCbj7jMowinDVG7vO87XfSGWKH5SU7LIsTce5Qrn5Zpz0kD4yqN38qOwrzruwM SRpp9AZlHTlhAYnum9xKwVMEYE/ekIb+iqCqS7lGXuUCUWGbAauYoVnmvQz0LL1KeK25ptuhLWvxx H0EDg8w5J19jt9iOL4IS2ZCMm+hY14LurzyLJM7pl+TjnLWZSbToF8HOim+dlZ+ACj/ZN2OYOqFHn GQzz7Fzg==;
Organization: acmain
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

On Mon, 24 Oct 2016 16:25:18 -0400 (EDT)
"Keith C. Perry" <kperry@daotechnologies.com> wrote:

> Two questions...
> 
> 1) "higher overhead"
> 
> In terms of what specifically.  Memory, cpu, etc...  I can't see a
> whitelist cheap being that intensive relative to the full check the
> main mail server does.
> 
in terms of throughput, if you have to do X  (eg dns lookup)  before
doing Y, and what your throughput is. Some mail clusters handles
millions of emails, etc. etc  

> 2) "...somewhat less effective these days as bots also deal with
> delays now."
> 
> When you say "deal with",  How so?  Postscreen sounds like it does
> for mail what my iptables rule do for my entire net- that is to say,
> prevent spammers from over running the server.  I guessing the
> Postscreen delay is configurable but are you saying there is some way
> around that?
> 
okay, no. postscreen has many cool features, start using it on your
email cluster and see, you can score (weigh) rbl and many cool things

the delays - spam as everyone knows, comes from many different sources.
The source that postscreen was really good at defending, the botnets
was mostly due to the delay happening at the end/last but the bots have
become more sophisticated and these days they spawn/wait/come back
some of these new bots & controllers are tracked here: 
http://spamid.net 

anyway, if you are running one email server (singular) it is not all that
useful so much, I guess. but as with our previous discussions, do not
let the technical stuff bother you, it is your server, so do as you like :)

Andre


> ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ 
> Keith C. Perry, MS E.E. 
> Owner, DAO Technologies LLC 
> (O) +1.215.525.4165 x2033 
> (M) +1.215.432.5167 
> www.daotechnologies.com
> 
> ----- Original Message -----
> From: "ac" <ac@main.me>
> To: "Keith C. Perry" <kperry@daotechnologies.com>
> Cc: "Philadelphia Linux User's Group Discussion List"
> <plug@lists.phillylinux.org> Sent: Monday, October 24, 2016 4:11:51 PM
> Subject: Re: [PLUG] Postscreen (another tool for helping to minimize
> the effect of spam)
> 
> On Mon, 24 Oct 2016 16:06:25 -0400 (EDT)
> "Keith C. Perry" <kperry@daotechnologies.com> wrote:
> > First I've heard of postscreen (and now postgrey- thanks) so I'll
> > have to see how it goes in the wild.
> > 
> I use it, yes it is cool but it is somewhat less effective these days
> as bots also deal with delays now. It has a higher overhead but is
> still very effective in smaller email clusters, like an other expert
> said, it depends on your environment, how many physical mail servers
> you have, where they are, etc etc. - in larger clusters, not so much,
> there are lower overhead ways, like basic checks (no dns, etc) larger
> clusters you still need to build to fit a suitable greylisting design
> as each requirement is always different and any overhead/delays/etc is
> not that good/acceptable
> 
> 1c
> 
> Andre 
> 
> > ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ 
> > Keith C. Perry, MS E.E. 
> > Owner, DAO Technologies LLC 
> > (O) +1.215.525.4165 x2033 
> > (M) +1.215.432.5167 
> > www.daotechnologies.com
> > 
> > ----- Original Message -----
> > From: "Rich Freeman" <r-plug@thefreemanclan.net>
> > To: "Philadelphia Linux User's Group Discussion List"
> > <plug@lists.phillylinux.org> Sent: Monday, October 24, 2016 3:55:34
> > PM Subject: Re: [PLUG] Postscreen (another tool for helping to
> > minimize the effect of spam)
> > 
> > On Mon, Oct 24, 2016 at 2:47 PM, Keith C. Perry
> > <kperry@daotechnologies.com> wrote:
> > > For what its worth, Zimbra 8.7 has built in Postscreen
> > > functionality (since it is part of Postfix) and they have nice
> > > write up on it at:
> > >
> > > https://wiki.zimbra.com/wiki/Zimbra_Collaboration_Postscreen
> > >
> > > The main, Postfix man page is here:
> > >
> > > http://www.postfix.org/postscreen.8.html
> > 
> > Interesting.  I'm currently running postfix and postgrey.  How much
> > of a drop-in is postscreen, or do you really need to tweak the
> > config to have it work "correctly?"  Does it offer many benefits
> > compared to postgrey?  Postgrey also does the whitelisting but the
> > test consists simply of dropping every connection with a temporary
> > failure and seeing if the host bothers to try again later.
> > 
> > It looks like you want it to only filter inbound mail from the
> > internet.  That isn't a big deal since that all comes in through a
> > gateway anyway, so I can just have it go to a dedicated postscreen
> > port.
> > 
> 
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --
> http://www.phillylinux.org Announcements -
> http://lists.phillylinux.org/mailman/listinfo/plug-announce General
> Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --
> http://www.phillylinux.org Announcements -
> http://lists.phillylinux.org/mailman/listinfo/plug-announce General
> Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- [PLUG] Postscreen (another tool for helping to minimize the effect of spam)
  - From: "Keith C. Perry" <kperry@daotechnologies.com>
- Re: [PLUG] Postscreen (another tool for helping to minimize the effect of spam)
  - From: Rich Freeman <r-plug@thefreemanclan.net>
- Re: [PLUG] Postscreen (another tool for helping to minimize the effect of spam)
  - From: "Keith C. Perry" <kperry@daotechnologies.com>
- Re: [PLUG] Postscreen (another tool for helping to minimize the effect of spam)
  - From: "Keith C. Perry" <kperry@daotechnologies.com>

Prev by Date: Re: [PLUG] Postscreen (another tool for helping to minimize the effect of spam)
Next by Date: Re: [PLUG] Postscreen (another tool for helping to minimize the effect of spam)
Previous by thread: Re: [PLUG] Postscreen (another tool for helping to minimize the effect of spam)
Next by thread: Re: [PLUG] Postscreen (another tool for helping to minimize the effect of spam)
Index(es):
- Date
- Thread