>> Additionally, a reliable DNSBL (block list) could be used to detect and
>> block IP addresses which are known spam sources and/or are dynamically
>> assigned.
>
> Personally I prefer policyd-weight (to avoid rejecting valid mails because
> of false positives on a single RBL), but yes.
Another approach would use the new "postscreen" capability introduced in
version 2.8 of Postfix:
http://www.postfix.org/postscreen.8.html
http://www.postfix.org/POSTSCREEN_README.html
I am currently using a combination of postscreen directives (with a bunch
of white lists and block lists, of varying reliability and assigned various
weights) and more traditional smtpd_*_restrictions items (referencing only
a handful of lists which I have decided are sufficiently conservative that
I'm prepared to trust them fully). The smtpd_*_restrictions info duplicates
portions of my postscreen configuration; this might seem redundant, but it
may catch situations where postscreen's DNS lookups time out for some reason.
I have also defined a smtpd_reject_footer value in my configuration, in
which I provide an alternative (Gmail) address where legitimate senders
can report any delivery problems. So far, at least, I have not received
any such communications.
Rich Wales
ri...@richw.org
