I'm trying to get postscreen to work. I've followed the man page and it's already running correctly for smtp.
But if I want to use it for smtps as well (adding the same line as smtp in master.cf but with smtps), I receive failure messages in syslog like:
postfix/postscreen[8851]: fatal: btree:/var/lib/postfix/postscreen_cache: unable to get exclusive lock: Resource temporarily unavailable
Some say that postscreen can only run once; that's ok. But can I use the same postscreen session for both smtp and smtps? If not, how to enable postscreen for smtps as well?
Any help would be appreciated!
The parts of the configs:
main.cf
postscreen_access_list = permit_mynetworks,
cidr:/etc/postfix/postscreen_access.cidr
postscreen_dnsbl_threshold = 8
postscreen_dnsbl_sites = dnsbl.ahbl.org*3 dnsbl.njabl.org*3 dnsbl.sorbs.net*3 pbl.spamhaus.org*3 cbl.abuseat.org*3 bl.spamcannibal.org*3 nsbl.inps.de*3 spamrbl.imp.ch*3
postscreen_dnsbl_action = enforce
postscreen_greet_action = enforce
master.cf (full)
smtpd pass - - n - - smtpd
smtp inet n - n - 1 postscreen
tlsproxy unix - - n - 0 tlsproxy
dnsblog unix - - n - 0 dnsblog
### the problematic line ###
smtps inet n - - - - smtpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
dovecot unix - n n - - pipe
  flags=DRhu user=virtuser:virtuser argv=/usr/bin/spamc -e /usr/lib/dovecot/deliver -d ${recipient} -f ${sender}
It doesn't make sense to enable postscreen for SMTPS.
Postscreen was invented to stop spambots from hitting the real SMTP server. But I've never seen spambots using SMTPS. Only real servers use SMTPS, which also bypass the postscreen defense line. So your approach is useless.
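The lock error quoted in the question appears once a second master.cf service is pointed at postscreen. The following check is an added example, not part of the original thread or of Postfix: it parses master.cf text and reports that situation. The sample input is constructed from the question's file, and the function names are hypothetical.

```python
# Added example (not from the original thread): lint master.cf for postscreen listeners.

# Constructed sample: the question's file with smtps also pointed at postscreen.
SAMPLE_MASTER_CF = """\
# service type private unpriv chroot wakeup maxproc command
smtpd pass - - n - - smtpd
smtp inet n - n - 1 postscreen
smtps inet n - n - 1 postscreen
tlsproxy unix - - n - 0 tlsproxy
dnsblog unix - - n - 0 dnsblog
dovecot unix - n n - - pipe
  flags=DRhu user=virtuser:virtuser argv=/usr/lib/dovecot/deliver -d ${recipient}
"""


def parse_master_cf(text):
    """Return one dict per service entry, joining indented continuation lines."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()  # continuation of the previous entry
        else:
            logical.append(raw.strip())
    services = []
    for line in logical:
        fields = line.split(None, 7)
        if len(fields) < 8:
            continue  # not a complete service definition
        services.append({"name": fields[0], "type": fields[1],
                         "maxproc": fields[6], "program": fields[7].split()[0]})
    return services


def postscreen_findings(text):
    """Describe postscreen entries that differ from the single-listener setup."""
    entries = [s for s in parse_master_cf(text) if s["program"] == "postscreen"]
    findings = []
    if len(entries) > 1:
        names = ", ".join(s["name"] for s in entries)
        findings.append(f"multiple postscreen services ({names}) will compete "
                        "for the exclusive lock on postscreen_cache")
    for s in entries:
        if s["maxproc"] != "1":  # the question's working smtp line uses 1
            findings.append(f"{s['name']}: process limit is {s['maxproc']}, expected 1")
    return findings


if __name__ == "__main__":
    for finding in postscreen_findings(SAMPLE_MASTER_CF):
        print("WARNING:", finding)
```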