In this article, you will learn about Zimbra Postscreen and how it works.
Zimbra Postscreen is an anti-bot/DoS feature introduced in Zimbra 8.7. It tackles mail server overload by keeping spambots away, which leaves more SMTP processes available for legitimate clients. The Zimbra Postscreen process handles multiple inbound SMTP connections and decides which clients may talk to a Postfix SMTP server process.
Zimbra Collaboration Postscreen checks clients with several tests. It keeps a temporary list, called a white-list, of the clients that passed the tests. Postscreen immediately connects these clients to a Postfix SMTP server process. Emails from clients that could not pass one or more of the tests are rejected. This way Zimbra Postscreen minimizes the overhead for legitimate clients by keeping the spambots away from Postfix SMTP processes.
Imagine you are not using Postscreen. Because you can offer only a limited number of SMTP processes, spambots can occupy those already limited processes and make legitimate clients wait. With Postscreen, on the other hand, these spambots must first talk to Postscreen, and if it recognizes them as bots they will be sent to the anti-spam engines.
The majority of spam is sent by malware on compromised end-user computers, which are called zombies. Without Postscreen to block zombies, Postfix resources would be wasted. The challenge for Postscreen is to determine who is a zombie and who isn’t. Postscreen will temporarily add a client to the white-list if it doesn’t recognize it as a zombie.
Identifying a zombie is not easy: zombies can stay hidden by avoiding spamming a site that has already been spammed. Zombies also face constraints. The time they have to deliver spam is limited, so they compromise on the protocol to shorten delivery time, for example by speaking before their turn or by continuing to send email even after the SMTP server tells them to leave. Postscreen, for its part, uses different methods to identify zombies, such as checking whether the remote SMTP client IP address has been blacklisted or whether the client has compromised the protocol to shorten delivery time. Postscreen does not look inside the email to identify a zombie.
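The checks described above (temporary white-list, blacklisted client address, client speaking before its turn), modelled as an added Python example that is not Zimbra's or Postfix's own code. The wait time, white-list lifetime, reply text, host name and IP addresses are constructed, and a plain set of addresses stands in for the DNS blocklist lookup.

```python
import select
import socket
import time

WHITELIST_TTL = 3600.0   # assumed lifetime (seconds) of a temporary white-list entry
GREET_WAIT = 0.2         # assumed pause before the final greeting line
whitelist = {}           # client IP -> expiry time of its white-list entry


def screen(conn, client_ip, blocklisted, now=None):
    """Return 'cached', 'pass', 'reject-dnsbl' or 'reject-pregreet' for one connection."""
    now = time.time() if now is None else now
    if whitelist.get(client_ip, 0) > now:
        return "cached"              # passed earlier: hand off straight away
    if client_ip in blocklisted:     # stand-in for a DNS blocklist lookup
        conn.sendall(b"550 5.7.1 Service unavailable\r\n")   # illustrative reply
        return "reject-dnsbl"
    # First half of a multi-line greeting; a correct client waits for the "220 " line.
    conn.sendall(b"220-mail.example.test ESMTP\r\n")
    readable, _, _ = select.select([conn], [], [], GREET_WAIT)
    if readable:                     # client spoke before its turn
        conn.sendall(b"550 5.5.1 Protocol error\r\n")        # illustrative reply
        return "reject-pregreet"
    conn.sendall(b"220 mail.example.test ESMTP\r\n")
    whitelist[client_ip] = now + WHITELIST_TTL
    return "pass"


def demo():
    """Run four constructed connections through screen() over local socket pairs."""
    results = []
    blocklisted = {"203.0.113.9"}    # constructed blocklist content
    for ip, talks_early in [("198.51.100.7", False), ("198.51.100.8", True),
                            ("203.0.113.9", False), ("198.51.100.7", False)]:
        server, client = socket.socketpair()
        if talks_early:
            client.sendall(b"HELO bot\r\n")   # sent before any greeting arrives
        results.append((ip, screen(server, ip, blocklisted)))
        server.close()
        client.close()
    return results


if __name__ == "__main__":
    for ip, verdict in demo():
        print(ip, verdict)
```

The decision uses only the client address and the timing of the first bytes; the message content is never read, which matches the last point in the paragraph above.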
Using Zimbra Postscreen
To learn how to use Zimbra Postscreen, check out How To Use Zimbra Postscreen?