RBLS and Hangup

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

RBLS and Hangup

@lbutlr
After reading (and implementing) http://www.postfix.org/STRESS_README.html#hangup 
  I was wondering if there is any reason not to extend this behavior  
to 127.0.0.4-8 (the XBL)?

Also, why would I want:
> 8 rbl_reply_maps = ${stress?hash:/etc/postfix/rbl_reply_maps}

Is there a reason I would only want to hangup on the RBL listed  
connections when the server is stressed instead of all the time?

--
Monique: He keeps putting his testicles all over me.
Lane: Excuse me?

Reply | Threaded
Open this post in threaded view
|

Re: RBLS and Hangup

Noel Jones-2
LuKreme wrote:

> After reading (and implementing)
> http://www.postfix.org/STRESS_README.html#hangup I was wondering if
> there is any reason not to extend this behavior to 127.0.0.4-8 (the XBL)?
>
> Also, why would I want:
>> 8 rbl_reply_maps = ${stress?hash:/etc/postfix/rbl_reply_maps}
>
> Is there a reason I would only want to hangup on the RBL listed
> connections when the server is stressed instead of all the time?
>

The STRESS_README was written before postfix supported 521 as
a hangup action, so yes, it's reasonable to disconnect after
any RBL hit during stress.

I am somewhat hesitant to recommend using 521 as your
"standard" RBL reject code since the RFCs don't specifically
mention 521/disconnect as a valid code (421/disconnect is
mentioned as a special case).  On the other hand, clients
"MUST" interpret any 5xx code as a permanent reject.  This
hasn't been widely tested and there's just enough wiggle room
here that it's possible some clients will behave badly.  But
it's probably fine.

   -- Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: RBLS and Hangup

@lbutlr
On 18-Aug-2009, at 10:42, Noel Jones wrote:

> The STRESS_README was written before postfix supported 521 as a  
> hangup action, so yes, it's reasonable to disconnect after any RBL  
> hit during stress.
>
> I am somewhat hesitant to recommend using 521 as your "standard" RBL  
> reject code since the RFCs don't specifically mention 521/disconnect  
> as a valid code (421/disconnect is mentioned as a special case).  On  
> the other hand, clients "MUST" interpret any 5xx code as a permanent  
> reject.  This hasn't been widely tested and there's just enough  
> wiggle room here that it's possible some clients will behave badly.  
> But it's probably fine.


Thanks for the info. I think I'm going to go ahead with it since only  
about 5% of my mail hits the RBL anyway.

in rbl_relay_maps does each possible IP have to have a separate block  
is there a way to 'wild card' them all into one declaration? and are  
the line feeds shown in the example significant?

something like:
zen.spamhaus.org=127.0.0.* 521 4.7.1 Service unavailable;
  $rbl_class [$rbl_what] blocked using
  $rbl_domain${rbl_reason?; $rbl_reason}

(obviously that's not going to be the syntax, but is there a way to  
combine 4-11 of even 2-11 into one declaration?)

--
showing snuffy is when Sesame Street jumped the shark

Reply | Threaded
Open this post in threaded view
|

Re: RBLS and Hangup

Noel Jones-2
LuKreme wrote:

> On 18-Aug-2009, at 10:42, Noel Jones wrote:
>> The STRESS_README was written before postfix supported 521 as a hangup
>> action, so yes, it's reasonable to disconnect after any RBL hit during
>> stress.
>>
>> I am somewhat hesitant to recommend using 521 as your "standard" RBL
>> reject code since the RFCs don't specifically mention 521/disconnect
>> as a valid code (421/disconnect is mentioned as a special case).  On
>> the other hand, clients "MUST" interpret any 5xx code as a permanent
>> reject.  This hasn't been widely tested and there's just enough wiggle
>> room here that it's possible some clients will behave badly.  But it's
>> probably fine.
>
>
> Thanks for the info. I think I'm going to go ahead with it since only
> about 5% of my mail hits the RBL anyway.
>
> in rbl_relay_maps does each possible IP have to have a separate block is
> there a way to 'wild card' them all into one declaration? and are the
> line feeds shown in the example significant?
>
> something like:
> zen.spamhaus.org=127.0.0.* 521 4.7.1 Service unavailable;
>  $rbl_class [$rbl_what] blocked using
>  $rbl_domain${rbl_reason?; $rbl_reason}
>
> (obviously that's not going to be the syntax, but is there a way to
> combine 4-11 of even 2-11 into one declaration?)
>

maps_rbl_reject_code = 521

http://www.postfix.org/postconf.5.html#maps_rbl_reject_code

   -- Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: RBLS and Hangup

d.hill
In reply to this post by @lbutlr
Quoting LuKreme <[hidden email]>:

> On 18-Aug-2009, at 10:42, Noel Jones wrote:
>> The STRESS_README was written before postfix supported 521 as a  
>> hangup action, so yes, it's reasonable to disconnect after any RBL  
>> hit during stress.
>>
>> I am somewhat hesitant to recommend using 521 as your "standard"  
>> RBL reject code since the RFCs don't specifically mention  
>> 521/disconnect as a valid code (421/disconnect is mentioned as a  
>> special case).  On the other hand, clients "MUST" interpret any 5xx  
>> code as a permanent reject.  This hasn't been widely tested and  
>> there's just enough wiggle room here that it's possible some  
>> clients will behave badly.  But it's probably fine.
>
>
> Thanks for the info. I think I'm going to go ahead with it since  
> only about 5% of my mail hits the RBL anyway.
>
> in rbl_relay_maps does each possible IP have to have a separate  
> block is there a way to 'wild card' them all into one declaration?  
> and are the line feeds shown in the example significant?
>
> something like:
> zen.spamhaus.org=127.0.0.* 521 4.7.1 Service unavailable;
>  $rbl_class [$rbl_what] blocked using
>  $rbl_domain${rbl_reason?; $rbl_reason}

Using a pcre map type and the example on the page:

/zen\.spamhaus\.org=127\.0\.0\.1(?:0|1)/ 521 4.7.1 Service unavailable;
  $rbl_class [$rbl_what] blocked using
  $rbl_domain${rbl_reason?; $rbl_reason}

> (obviously that's not going to be the syntax, but is there a way to  
> combine 4-11 of even 2-11 into one declaration?)
>
> --
> showing snuffy is when Sesame Street jumped the shark
>
>