Dear Community Friends, Greetings,
I work with an ISP. We host email service for almost 500+ companies, and 200+ mail servers relay through my smart host.
I implemented something so that when our smart host becomes blacklisted, it will automatically switch to the next available smart host (which is sitting ready). That means it will start relaying messages through another smart host automatically.
I think I must give a little background as well. It is actually a PHP script that performs a blacklist check every minute through cron. If it finds that the IP is blacklisted, it will then insert a "relay host =" value in main.cf and reload the Postfix service. When the IP is no longer blacklisted, it will then remove the same directive from main.cf and reload Postfix.
Everything is working as expected. I have one question: when we reload Postfix, does it drop active SMTP sessions?
For example, let's say that a remote SMTP server is delivering a message with an 8MB attachment to my Postfix. The message was not fully transferred; let's say that 4MB was transferred, and I issued "postfix reload". Will that connection drop or continue to deliver the mail?
Thanks / Regards Prabhpal S. Mavi
On Wed, 2012-04-25 at 11:42 +0000, Prabhpal S. Mavi wrote:
> I think I must give a little background as well. It is actually a PHP script that performs a blacklist check every minute through cron. If it finds that the IP is blacklisted, it will then insert a "relay host =" value in main.cf and reload the Postfix service. When the IP is no longer blacklisted, it will then remove the same directive from main.cf and reload Postfix.
Why not properly 'out-source' this to a Postfix map rather than modifying main.cf? Dynamic modification of main.cf is *seriously* brain-damaged in my opinion. Point a map at an LDAP DSA or an RDBMS database and have the application update *that*. Then Postfix checks the map. Nobody needs to get constantly hup'd and you aren't touching configuration files that *should not be writable* anyway.
> Everything is working as expected. I have one question: when we reload Postfix, does it drop active SMTP sessions?
Dear Adam Tauno Williams,
Thanks for your response. I am not sure what you advised. Could you please explain a bit more if there is any other way to do it, as it sounds in your mail?
Thanks
Thanks / Regards Prabhpal S. Mavi
On Wed, 2012-04-25 at 11:57 +0000, Prabhpal S. Mavi wrote:
> Dear Adam Tauno Williams, thanks for your response. I am not sure what you advised. Could you please explain a bit more if there is any other way to do it, as it sounds in your mail?
http://www.postfix.org/RESTRICTION_CLASS_README.html
You can restrict senders and receivers through standard maps. Those maps can query just about anything you desire.
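A sketch of the map-based setup suggested in the replies above, added here as an illustration and not taken from the thread: the next hop lives in a database row that `transport_maps` reads, so the checker script never writes to main.cf. The database name, table, columns, accounts and host names are assumptions.

```ini
# /etc/postfix/main.cf
# Owned by root, mode 0644, and never edited by the blacklist checker.
# No "relayhost" line is toggled here; the next hop comes from the map.
transport_maps = mysql:/etc/postfix/mysql-transport.cf

# /etc/postfix/mysql-transport.cf
# Owned by root:postfix, mode 0640, because it holds a database password.
# Postfix connects with a SELECT-only account (names are assumptions).
hosts = 127.0.0.1
user = postfix_ro
password = CHANGE_ME
dbname = mailcfg
# transport(5) looks up the recipient address, its domain, parent domains,
# and finally the wildcard key "*". Keys without a row return no result.
query = SELECT nexthop FROM transport WHERE pattern = '%s'

# Table "transport" (constructed sample rows):
#
#   pattern        | nexthop
#   ---------------+-------------------------------
#   *              | smtp:[smarthost1.example.net]
#   example.org    | :
#
# The "*" row matches every destination, including domains this host
# delivers itself, so those domains need their own row with the empty
# ":" result (keep the default transport and next hop).
#
# The checker uses a separate account that is granted UPDATE on this one
# table only. Switching smart hosts is then a single statement:
#
#   UPDATE transport
#      SET nexthop = 'smtp:[smarthost2.example.net]'
#    WHERE pattern = '*';
```

With this split, a bug or compromise in the checker script can change one next-hop value but cannot rewrite arbitrary Postfix settings.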
From: Prabhpal S. Mavi prabhpal@digital-infotech.net
> I implemented something so that when our smart host becomes blacklisted, it will automatically switch to the next available smart host (which is sitting ready). That means it will start relaying messages through another smart host automatically.
Why not find out why you get blacklisted instead of trying to bypass it? You seem to imply that it is something that will happen and often...
JD
On 25.04.2012 14:14, John Doe wrote:
> From: Prabhpal S. Mavi prabhpal@digital-infotech.net
>> I implemented something so that when our smart host becomes blacklisted, it will automatically switch to the next available smart host [...]
> Why not find out why you get blacklisted instead of trying to bypass it?
That may well prove fruitless. There are blacklists out there which won't tell you why they list a host or refuse to remove a host even if their reason for listing is gone (or was never valid to begin with).
John Doe wrote:
> From: Prabhpal S. Mavi prabhpal@digital-infotech.net
>> I implemented something so that when our smart host becomes blacklisted, it will automatically switch to the next available smart host (which is sitting ready). That means it will start relaying messages through another smart host automatically.
> Why not find out why you get blacklisted instead of trying to bypass it? You seem to imply that it is something that will happen and often...
It happens. It's certainly happened to me. When you're a hosting co (like the host I use), and have tens or hundreds of thousands of clients with many domains, and some are businesses or organizations that legitimately send out mass emailings, you're trying to catch the idiot whose machine got infected, it was uploaded to their hosted site, and voila, spam going out of your domain. *AND* the blacklisters *insist* on blocking the *entire* address range assigned to the hosting co, rather than the source IP.
mark
On 4/25/2012 12:00 PM, m.roth@5-cent.us wrote:
> John Doe wrote:
>>> automatically.
>> Why not find out why you get blacklisted instead of trying to bypass it? You seem to imply that it is something that will happen and often...
> It happens. It's certainly happened to me. When you're a hosting co (like the host I use), and have tens or hundreds of thousands of clients with many domains, and some are businesses or organizations that legitimately send out mass emailings, you're trying to catch the idiot whose machine got infected, it was uploaded to their hosted site, and voila, spam going out of your domain. *AND* the blacklisters *insist* on blocking the *entire* address range assigned to the hosting co, rather than the source IP.
I am just now getting into blacklisting by IPs, but I would never do it that way. The only time I have added a host to the blacklist is when it is the host's actual mail servers spamming me. I had to do that with only a few so far (like OVH).
For individuals like you speak of, I would only add their domain, not an IP range.
The only ones I have added IP ranges for are bulk list spammers like Constant Contact and Vocus and the like.
Blacklisting IP blocks is fraught with danger, but in the case of an individual mail server for an individual person, not so bad.
I think it would be impossible to police clients as a host...I cannot see how you could do it. My main reason for never entertaining the idea of running a host company.. Give you credit for trying though.
On 4/25/2012 7:42 AM, Prabhpal S. Mavi wrote:
> I work with an ISP. We host email service for almost 500+ companies, and 200+ mail servers relay through my smart host.
> I implemented something so that when our smart host becomes blacklisted, it will automatically switch to the next available smart host (which is sitting ready). That means it will start relaying messages through another smart host automatically.
Well, as someone who has been really fighting spam lately, I can say that that system will definitely work out quite well and most bulk spammers use something like that.
With that many companies and mail servers, I have no idea how you can police them...wow
From: Bob Hoffman bob@bobhoffman.com
> On 4/25/2012 7:42 AM, Prabhpal S. Mavi wrote:
>> I work with an ISP. We host email service for almost 500+ companies, and 200+ mail servers relay through my smart host.
>> I implemented something so that when our smart host becomes blacklisted, it will automatically switch to the next available smart host (which is sitting ready). That means it will start relaying messages through another smart host automatically.
> Well, as someone who has been really fighting spam lately, I can say that that system will definitely work out quite well and most bulk spammers use something like that.
> With that many companies and mail servers, I have no idea how you can police them...wow
Talking about spam... the USA lost its spam crown to India... http://nakedsecurity.sophos.com/2012/04/23/india-becomes-the-king-of-the-spa...
JD
On 25 April 2012 07:42, Prabhpal S. Mavi prabhpal@digital-infotech.net wrote:
> Dear Community Friends, Greetings,
> I work with an ISP. We host email service for almost 500+ companies, and 200+ mail servers relay through my smart host.
> I implemented something so that when our smart host becomes blacklisted, it will automatically switch to the next available smart host (which is sitting ready). That means it will start relaying messages through another smart host automatically.
> I think I must give a little background as well. It is actually a PHP script that performs a blacklist check every minute through cron. If it finds that the IP is blacklisted, it will then insert a "relay host =" value in main.cf and reload the Postfix service. When the IP is no longer blacklisted, it will then remove the same directive from main.cf and reload Postfix.
> Everything is working as expected. I have one question: when we reload Postfix, does it drop active SMTP sessions?
> For example, let's say that a remote SMTP server is delivering a message with an 8MB attachment to my Postfix. The message was not fully transferred; let's say that 4MB was transferred, and I issued "postfix reload". Will that connection drop or continue to deliver the mail?
> Thanks / Regards Prabhpal S. Mavi
Postfix reload will not disrupt any connection, and in your example the mail will continue to be delivered.