On 19/10/25 21:53, Ralph Seichter via Postfix-users wrote:
> As mail admins know, DNS blocklists can vary in quality/usefulness over
> time. New ones appear, others become defunct, and keeping local settings
> relevant requires some work.
>
> In the wake of a recent server migration I think it's time to revisit my
> own settings. Hopefully some of this mailing list's subscribers are
> willing to share their Postscreen config (postscreen_dnsbl_sites in
> particular) and their reasoning behind it?

This is what I have at the moment:

postscreen_dnsbl_sites =
    zen.spamhaus.org=127.0.0.[2;4..11]*3
    zen.spamhaus.org=127.0.0.3*2
    bl.spameatingmonkey.net=127.0.0.2*2
    bl.spamcop.net=127.0.0.2
    psbl.surriel.com=127.0.0.2
    rep.mailspike.net=127.0.0.[2;10..12]
    list.dnswl.org=127.0.[2..20].0*-2
    list.dnswl.org=127.0.[2..20].1*-3
    list.dnswl.org=127.0.[2..20].[2..3]*-4
    **********************.white.mail.abusix.zone=127.0.2.1*-1
    rep.mailspike.net=127.0.0.[17..20]*-1
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_whitelist_threshold = -1

Zen is pretty universal and is the only RBL that I trust (almost) fully, and even then I don't fully trust the CSS (I've had false positives come from the CSS), hence why I've limited 127.0.0.3 responses to a score of 2.

I try to have as many decent whitelists as I can because I run after-220 tests and any server that is whitelisted can bypass those tests.

I try to use combined lists where possible to limit the number of actual queries, so, for example, I use rep.mailspike.net, which returns codes for both blocklist and whitelist results, and then just filter by the return code to determine what to do with the result.


Peter
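
Added example (not part of Peter's message and not Postfix code): a small Python scorer that parses the postscreen_dnsbl_sites entries above and shows how the weights combine against the two thresholds. It assumes the postconf(5) rules that an entry's weight is applied at most once and that the block threshold is inclusive; the DNS replies are constructed by the caller (no lookups are made), and the redacted Abusix key is replaced by a placeholder.

```python
import re
# Peter's entries from the message above; the Abusix key is a placeholder.
CONFIG = """
zen.spamhaus.org=127.0.0.[2;4..11]*3
zen.spamhaus.org=127.0.0.3*2
bl.spameatingmonkey.net=127.0.0.2*2
bl.spamcop.net=127.0.0.2
psbl.surriel.com=127.0.0.2
rep.mailspike.net=127.0.0.[2;10..12]
list.dnswl.org=127.0.[2..20].0*-2
list.dnswl.org=127.0.[2..20].1*-3
list.dnswl.org=127.0.[2..20].[2..3]*-4
KEY-PLACEHOLDER.white.mail.abusix.zone=127.0.2.1*-1
rep.mailspike.net=127.0.0.[17..20]*-1
"""

def parse_entry(entry):
    """Split 'domain[=filter][*weight]'; a missing weight counts as 1."""
    m = re.fullmatch(r"([^=*\s]+)(?:=([^*\s]+))?(?:\*(-?\d+))?", entry)
    if not m:
        raise ValueError(f"bad postscreen_dnsbl_sites entry: {entry!r}")
    return m.group(1), m.group(2), int(m.group(3) or 1)

def octet_matches(pattern, value):
    """One octet: a plain number, or [a;b..c] holding numbers and ranges."""
    for part in pattern.strip("[]").split(";"):
        lo, _, hi = part.partition("..")
        if int(lo) <= value <= int(hi or lo):
            return True
    return False

def reply_matches(filt, reply):
    if filt is None:
        return True  # no filter: any non-error reply counts
    pats = re.findall(r"\[[^\]]*\]|\d+", filt)
    octets = [int(o) for o in reply.split(".")]
    return len(pats) == len(octets) == 4 and all(map(octet_matches, pats, octets))

def dnsbl_score(replies, config=CONFIG):
    """replies maps list domain -> A records returned (constructed input)."""
    # An entry's weight is applied at most once, however many replies match.
    return sum(weight for domain, filt, weight in map(parse_entry, config.split())
               if any(reply_matches(filt, r) for r in replies.get(domain, [])))

def verdict(score, threshold=3, whitelist_threshold=-1):
    if score >= threshold:
        return "block"
    # Assumption: the whitelist threshold is inclusive, like the block threshold.
    return "skip-tests" if score <= whitelist_threshold else "continue"
```

With these weights a Spamhaus CSS hit on its own scores 2 and does not block; it needs one more blocklist hit to reach the threshold of 3.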
