Neil wrote:
On 21 Sep 2008, at 05:39, mouss wrote:
My current config is:
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
you can at leats add (after reject_unauth_destination)
# reject unknown addresses before querying dnsbls
reject_unlisted_recipient
reject_unlisted_sender
# zen catches a lot of junk sources
reject_rbl_client zen.spamhaus.org
So I took your advice and am using these; but it occurred to me: shit
happens,
zen is considered safe by most people, and is widely used. but you can
whitelist servers you communicate with. I use
check_client_access .../client_acl
check_client_access cidr:/..../dnwsl_permit
where client_acl contains whitelist and blocklist checks, and
dnswl_permit is rsync-ed from dnswl.org.
and it might be nice to have these mails come through, but put
them in my junkmail folder.
then use spamassassin or use policyd-weight (or write a policy service
that does dnsbl check and returns a PREPEND action).
I can move them in easily enough with procmail, if they get a header
added. My question is, naturally, how can I add a header on these
conditions instead of rejecting them?
you can't. you can however test the check by using
warn_if_reject reject_rbl_client zen.spamhaus.org
This will log warnings instead of rejecting the connections.
