On 15.03.24 15:06, Noel Jones via Postfix-users wrote:
Postscreen by design only looks at the IP, and has no mechanism to consider other envelope data.

The solution is to not use a DNSBL that routinely blocks wanted mail in postscreen.

Or, set postscreen_dnsbl_threshold high enough so it does not rely on a listing in a single list. You could e.g. set up:

postscreen_dnsbl_sites =
 zen.spamhaus.org=127.0.0.[0..255]
 dnsbl.sorbs.net=127.0.0.[0..255]
 bl.spamcop.net=127.0.0.2
 list.dnswl.org=127.0.[0..255].[0..255]*-1
 list.dnswl.org=127.0.[0..255].3*-1
postscreen_dnsbl_threshold=2

Maybe if you trust spamhaus enough, append *2 to it.


On 3/15/2024 1:11 PM, Matt Saladna via Postfix-users wrote:
Mar 15 13:51:22 atlas postfix/postscreen[5978]: NOQUEUE: reject: RCPT from [1.2.3.4]:51944: 550 5.7.1 Service unavailable; client [1.2.3.4] blocked using zen.spamhaus.org; from=<x@y>, to=<a@b>, proto=ESMTP, helo=<aspmx3.googlemail.com>

Postscreen config:

postscreen_dnsbl_action=enforce
postscreen_dnsbl_sites=bl.spamcop.net*2 b.barracudacentral.org*2 zen.spamhaus.org=127.0.[0;1;2].[0..254]*2 list.dnswl.org*-2

I'm somewhat surprised that your (fake) sample singles out zen. It's been pretty reliable for me.

postscreen reports the first dns?l that replies.
Thus, it can also report "blacklisted by dnswl" if dnswl catches first.
That's why postscreen_dnsbl_reply_map exists.

postscreen_dnsbl_reply_map=texthash:/etc/postfix/dnsbl_map

% cat /etc/postfix/dnsbl_map
list.dnswl.org  multiple DNS-based blocklists



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I don't have lysdexia. The Dog wouldn't allow that.