I've been using security/py-fail2ban for some years to scan my mail/postfix-sasl maillog and block offending IPs at my internet-facing pf firewall. I do this because port 25 is often just the first port hit by bots.
Recently I noticed that /var/log/debug.log contained some 600 error messages like this:
Code:
... postfix/postscreen 30309 - - bl_init: connect failed for `/var/run/blacklistd.sock' (No such file or directory)
These logs started when I updated mail/postfix-sasl to 3.10.0_1,1 near the end of May.
I was surprised because I had never used blacklistd.
I know that blacklistd has been available for some years but I don't think it was enabled in all postfix flavours by default.
Perhaps these errors only started to be logged with the update.
Looking back at the history of the port, I see version 3.10.0_1,1 was to "Make postscreen blacklistd aware".
It seems that, since then, all flavors of postfix now have blacklistd enabled by default.
When I asked about these logs via a bug report, I was told that "This log comes from blacklistd, not postfix. It's there by design."
I believe it is from the blacklistd code embedded in postscreen. I could find very little information about this.
What I don't like about this default embedding of blacklistd:
- Which postfix/postscreen failures are sent to blacklistd is determined by the embedded blacklistd code.
- It seems there is no documentation about this integration, unless you're able to read the source code.
- Because blacklistd uses a socket to communicate, it's limited to manipulating the local firewall.
- This integration probably introduces some small overhead but it is an unnecessary overhead for those who don't use it.
However, that would seem to be going against the often-quoted advice not to mix ports and packages.
I suspect those who wish to use the blacklistd integration are probably more capable of making the necessary changes and compiling the port.
My workaround to avoid these logs is to enable blacklistd in rc.conf and create a blacklistd.conf that does absolutely nothing.
To me, the need to call something that you know does nothing seems a bit strange.
Personally, I'd like to see this blacklistd default removed from the postfix packages.
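Added example, not the poster's own files: one way to stage the workaround described above (blacklistd enabled in rc.conf, plus a blacklistd.conf that never blocks), with a check that no rule in the file can trigger a block. It assumes, per blacklistd.conf(5), that an nfail value of "*" means "never block"; the root-directory argument and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Each function takes a root directory so the files can be
# staged and inspected in a scratch location before being copied to /etc.

# Write a blacklistd.conf whose only rule matches everything but never
# blocks (assumption: nfail "*" means "never", per blacklistd.conf(5)).
write_noop_conf() {
    root=$1
    mkdir -p "$root/etc"
    cat > "$root/etc/blacklistd.conf" <<'EOF'
# No-op configuration: accept reports, never block.
# location  type  proto  owner  name  nfail  disable
[local]
*           *     *      *      *     *      *

[remote]
EOF
}

# Set blacklistd_enable="YES" in rc.conf exactly once, replacing any
# earlier setting (on a live FreeBSD host, sysrc does the same job).
enable_in_rc_conf() {
    root=$1
    rc="$root/etc/rc.conf"
    tmp="$rc.tmp.$$"
    mkdir -p "$root/etc"
    touch "$rc"
    grep -v '^blacklistd_enable=' "$rc" > "$tmp" || true
    printf 'blacklistd_enable="YES"\n' >> "$tmp"
    mv "$tmp" "$rc"
}

# Print how many rules in a blacklistd.conf could ever block, i.e. rule
# lines whose sixth field (nfail) is a number rather than "*".
count_blocking_rules() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ || /^\[/ { next }   # comments, blanks, sections
        NF >= 6 && $6 != "*" { n++ }
        END { print n + 0 }
    ' "$1"
}
```

Running `count_blocking_rules` against the stock /etc/blacklistd.conf before replacing it shows how many rules would have become active once the daemon is enabled.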