On 23/01/25 15:34, Christian Seberino via Postfix-users wrote:
Is there a "minimal" setting for these two variables that will
give *some* protection without blocking friendly sites by accident?
I don't know exactly what you mean by "minimal" here, but this is what I
use:
postscreen_dnsbl_sites =
zen.spamhaus.org=127.0.0.[2;4..11]*3
zen.spamhaus.org=127.0.0.3*2
b.barracudacentral.org=127.0.0.2*2
bl.spameatingmonkey.net=127.0.0.2*2
bl.spamcop.net=127.0.0.2
psbl.surriel.com=127.0.0.2
bl.mailspike.net=127.0.0.[2;10..12]
list.dnswl.org=127.0.[2..20].0*-2
list.dnswl.org=127.0.[2..20].1*-3
list.dnswl.org=127.0.[2..20].[2..3]*-4
***************.white.mail.abusix.zone=127.0.2.1*-1
wl.mailspike.net=127.0.0.[17..20]*-1
score.senderscore.com=127.0.4.[70..100]*-1
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_whitelist_threshold = -1
Keep in mind that some of these lists require registration, but all are
free to use.
I have had problems with false positives from the spamhaus CSS list
which is why I downgraded it to a score of 2 instead of the 3 score I
assign to the other results from zen.
I have the additional whitelists because I use after-220 tests so the
whitelists are important to allow legitimate servers to bypass those and
dnswl is not in and of itself sufficient to allow all the major ESPs to
bypass. Adding abusix, mailspike and senderscore has helped immensely
in that regard.
Peter
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
