On Thursday 15 December 2011 08:24:51 Gábor Lénárt wrote:
> On Thu, Dec 15, 2011 at 08:19:18AM -0600, /dev/rob0 wrote:
> > On Thursday 15 December 2011 07:53:35 Tomas Macek wrote:
> > > But we have clients that send mail on both port 25 and
> > > 587. I really cannot use postscreen? I don't understand
> > > why exactly. What will happen if I use it?
> >
> > You might reject some MUA clients, and if using after-220
> > tests, you will be getting phone calls from confused users.
>
> Btw:
>
> I am thinking of using postscreen with the mail submission server
> as well, since its RBL check seems to perform better than
> smtpd's.

The difference is in how it is done. smtpd checks each DNSBL in
sequence, while postscreen hits them all in parallel. The benefit is
that a score can be calculated from all results, rather than smtpd's
absolute yes-or-no decisions.

> Since I also want to block some of the IPs even in case
> of mail submission (e.g. a user's account is stolen, etc.) with
> a self-hosted BL for this purpose,

Not a good example. If a user's credentials are used for spamming,
your best option is to revoke those credentials. A local DNSBL isn't
going to block those effectively.

Even if it did, I think the smtpd's way of doing it would make sense;
you don't want anything from addresses in your local DNSBL.

> I guess it's not a problem to use
> postscreen in case of mail submission, if I don't use other
> features of postscreen too much - at least not for mail
> submission. Is it a good idea at all?

I would guess not. There are better ways to deal with the issues
mentioned here. There are a lot of MUA implementations, many of them
not so good, much like spam zombies. Since postscreen was made to
fight zombies, it does not sound like a good thing to put between the
server and your own users.

I'd echo what Wietse said about policy services, and also suggest
content filtering on your submission stream.

--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
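
The scored-versus-sequential difference discussed in the message above, modelled as an added example (not part of the original message and not Postfix code). Entries use the `domain[=d.d.d.d][*weight]` form of `postscreen_dnsbl_sites`; the list names, weights, threshold and lookup answers are constructed assumptions.

```python
# Added illustration: DNSBL names, weights, threshold and answers are constructed.
import re

ENTRY = re.compile(
    r"^(?P<domain>[^=*\s]+)(?:=(?P<addr>[\d.]+))?(?:\*(?P<weight>-?\d+))?$")

def parse_sites(spec):
    """Parse 'domain[=d.d.d.d][*weight]' entries (comma/whitespace separated)."""
    sites = []
    for item in re.split(r"[,\s]+", spec.strip()):
        m = ENTRY.match(item)
        if not m:
            raise ValueError(f"bad DNSBL entry: {item!r}")
        sites.append((m["domain"], m["addr"], int(m["weight"] or 1)))
    return sites

def listed(answers, domain, addr):
    """True if the list returned any A record (or the specific one required)."""
    got = answers.get(domain, set())
    return bool(got) if addr is None else addr in got

def postscreen_score(sites, answers):
    """Every list is consulted; weights of all matching entries are summed."""
    return sum(w for d, a, w in sites if listed(answers, d, a))

def smtpd_first_hit(sites, answers):
    """Lists are checked in order; the first listing decides, weights ignored.
    Negative-weight (allowlist) entries would not be reject rules, so skip them."""
    for d, a, w in sites:
        if w > 0 and listed(answers, d, a):
            return d
    return None

SITES = parse_sites(
    "bl-strict.example*2, bl-broad.example=127.0.0.4*1, wl.example*-2")
THRESHOLD = 2  # assumed score at which the scored model blocks

# Constructed lookup results for two clients.
CLIENT_A = {"bl-broad.example": {"127.0.0.4"}}            # one weak listing
CLIENT_B = {"bl-strict.example": {"127.0.0.2"},           # listed, but also
            "wl.example": {"127.0.0.1"}}                  # on an allowlist

def verdicts(answers):
    """Return (score, blocked_by_score, list_that_rejects_sequentially)."""
    score = postscreen_score(SITES, answers)
    return score, score >= THRESHOLD, smtpd_first_hit(SITES, answers)

if __name__ == "__main__":
    for name, ans in (("A", CLIENT_A), ("B", CLIENT_B)):
        print(name, verdicts(ans))
```

Both constructed clients stay under the score threshold, while the sequential model rejects each on its first listing.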