On Wed, Jun 08, 2011 at 10:05:05AM -0700, Rich Wales wrote:
> Another thing I think I see about postscreen is that it apparently
> will only look up IP addresses. There doesn't seem to be any
> "postscreen_rhsbl_sites" feature (which might allow me to move my
> current reject_rhsbl_client and permit_rhswl_client checks into
> postscreen).
Why "move" any checks into postscreen? I basically left my smtpd
restrictions alone. I figure they can't hurt and might help. Sure,
they are lonely and mostly unused, but they were a good policy in
pre-postscreen days, so they're still good.
I can give an example of when/why they might help. Under stress,
postscreen reduces the greet pause to 2 seconds. Under stress, the
possibility that DNSBL responses might be delayed is greater. Why
would you not avail yourself of that second chance to query
zen.spamhaus.org? It's cached now at your nameserver, whether
positive or negative, so it hurts nothing.
> Is such a thing planned, not planned, or perhaps intrinsically
> evil for some reason I'm not thinking of?
I think postscreen needs to stay lightweight and fast. It does not
need to replace all the antispam functionality of smtpd.
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
