On 25-03-06 18:02:13, Matus UHLAR - fantomas via Postfix-users wrote: > On 06.03.25 09:28, Petko Manolov via Postfix-users wrote: > > The goal was to have my dmarc config as tight as possible. Namely: > > > > SPFSelfValidate true > > SPFIgnoreResults true > > RejectFailures true > > > > Quoting dmarc documentation re the latter: " If set, messages will be > > rejected if they fail the DMARC evaluation, or temp-failed if evaluation > > could not be completed." This obviously didn't happen. > > I can only guess it did not happen because the policy was "none" so there was > no reason to reject.
I reordered a few restrictions, removed a premature 'permit' and so far the config seems to be doing what is expected. > > Hmm, zen.spamhaus.org doesn't resolve anymore. I wonder what would be the > > correct/contemporary version of: > > > > reject_rbl_client zen.spamhaus.org=127.0.0.[2..11] > > I recommend using postscreen(8) which can filter out many bots and using dns*l > lookups there. > > http://www.postfix.org/POSTSCREEN_README.html I suspect that at some point this is what i'll end up doing. Before diving head first, however, i'd like to make sure i understand the theory behind postscreen. Thanks for encouraging me, this may tip the balance toward it. cheers, Petko _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
