On 08/04/2011 05:29, Noel Jones wrote:
.. [cut] ..
postscreen tests the connection and issues a reject with a 450 "try
again" code. At this point, the client has done everything postscreen
requires and testing is complete.
.. [cut] ..
The client was well-behaved and was added to the PASS list.
Looks OK to me
My error was considering the client not 'well-behaved' (see Sahil's reply)
.. Consider adding some postscreen_dnsbl_sites such as
zen.spamhaus.org to reject unwanted mail from sites that pass the
protocol tests.
I've already done some tests with ..
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_sites = zen.spamhaus.org*2 bl.spamcop.net*1
    b.barracudacentral.org*1 spamtrap.trblspam.com*1
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
..or simply..
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
postscreen_dnsbl_threshold = 1
postscreen_dnsbl_sites = zen.spamhaus.org
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
But I've (obviously) noticed a high increase in DNS queries (unbound
local resolver) and checking my logs I've realized that about 80% of
'defer/reject' would be done by less expensive tests (not RBL
dependent). Consider that at the end of my 'accept-chain' I've postfwd2
policy delegation which selectively scores senders (dnsbl|greylist|throttle).
In this scenario I can speed up well dressed DNS senders, reject/defer
tons of bad clients with pcre and reduce dnsbl checks to the rest. All
this before amavis/SA ..so DNS tests are 'reduced twice'.
Actually.. to me.. I think postscreen will be a superb tool to kill
pregreeters but I'm not going to use its dnsbl features.
However, thanks for the hint.. ;) ..have a nice day!
Amedeo Rinaldo
--------------
Once you have eliminated the impossible, whatever remains, however
improbable, must be the truth (Sherlock Holmes)
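
Added example, not part of the original message: a small Python model of how the two postscreen_dnsbl_sites / postscreen_dnsbl_threshold settings quoted above combine list weights into a block decision. The function names and the sets of "listed on" results are constructed for illustration; only the `domain*weight` entry form used in the message is parsed (the optional `=d.d.d.d` reply filter is not).

```python
import re

# One entry: domain with an optional *weight suffix (the weight defaults to 1).
ENTRY = re.compile(r"^(?P<domain>[A-Za-z0-9.-]+)(?:\*(?P<weight>-?\d+))?$")

def parse_sites(value):
    """Parse a postscreen_dnsbl_sites value into {domain: weight}."""
    sites = {}
    for item in re.split(r"[,\s]+", value.strip()):
        if not item:
            continue
        m = ENTRY.match(item)
        if m is None:
            raise ValueError(f"unsupported entry: {item!r}")
        sites[m.group("domain")] = int(m.group("weight") or 1)
    return sites

def dnsbl_score(sites, listed_on):
    """Sum the weights of the configured lists that returned a listing."""
    return sum(w for d, w in sites.items() if d in listed_on)

def blocked(sites, threshold, listed_on):
    """The threshold is an inclusive lower bound on the combined score."""
    return dnsbl_score(sites, listed_on) >= threshold

# The two configurations from the message.
WEIGHTED = parse_sites("""zen.spamhaus.org*2 bl.spamcop.net*1
    b.barracudacentral.org*1 spamtrap.trblspam.com*1""")
SIMPLE = parse_sites("zen.spamhaus.org")

# Constructed lookup outcomes: the set of lists on which a client is listed.
CASES = [
    {"zen.spamhaus.org"},
    {"bl.spamcop.net"},
    {"bl.spamcop.net", "b.barracudacentral.org"},
    set(),
]

def compare():
    """Return (listed_on, blocked by weighted config, blocked by simple config)."""
    return [(sorted(c), blocked(WEIGHTED, 2, c), blocked(SIMPLE, 1, c))
            for c in CASES]

if __name__ == "__main__":
    for listed, weighted, simple in compare():
        print(f"{listed!s:55} weighted={weighted} simple={simple}")
```

With threshold 2, a zen.spamhaus.org listing alone is enough to block, while the weight-1 lists only block when two of them agree; the single-list setup never sees that third case.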