I’ve been experimenting with postfix 2.8-20100213 “postscreen” feature on my development server.this feature is very usefull for detecting/dropping misbehavior smtp client.
Configuration :
main.cf
postscreen_greet_action = drop postscreen_dnsbl_sites = zen.spamhaus.org, spam.ipv6.kutukupret.com postscreen_hangup_action = drop postscreen_dnsbl_action = drop
master.cf
smtp inet n - n - 1 postscreen smtpd pass - - n - - smtpd -o content_filter=spamchk:dummy dnsblog unix - - n - 0 dnsblog
Logs
Mar 14 12:56:24 fire postfix/postscreen[19999]: PASS OLD 2001:4f8:fff6::35 Mar 14 12:56:24 fire postfix/smtpd[20001]: connect from mx2.freebsd.org[2001:4f8:fff6::35] --- snipped --- Mar 14 12:56:28 fire postfix/pipe[20021]: 6979049168: to=<myuser@ipv6.kutukupret.com>, relay=maildrop, delay=0.09, delays=0.01/0.02/0/0.06, dsn=2.0.0, status=sent (delivered via maildrop service)
But i think i’ll wait until this feature is in stable release stage before applying on production machine