On Thu, Dec 15, 2011 at 09:35:19AM -0600, /dev/rob0 wrote:
> > I am thinking of using postscreen with the mail submission server as
> > well, since its RBL check seems to perform better than
> > smtpd's.
> 
> The difference is in how it is done. smtpd checks each DNSBL in 
> sequence, while postscreen hits them all in parallel. The benefit is 
> that a score can be calculated from all results, rather than smtpd's 
> absolute yes-or-no decisions.
> 
> > Since I also want to block some of the IPs even in the case
> > of mail submission (e.g. a user's account is stolen, etc.) with my
> > own hosted BL for this purpose,
> 
> Not a good example. If a user's credentials are used for spamming, 
> your best option is to revoke those credentials. A local DNSBL isn't 
> going to block those effectively.

Well, my idea is based on the fact that IPs abusing one of my mail
users (e.g. the password is stolen) to send spam will likely (in my experience)
come back again later with _another_ abused mail user (or keep trying ESMTP
auth for hours even if an error is returned because of the revoked
credentials).  So what I wanted is to block the IP, as it's part of a botnet
or so: I don't want to block _only_ (but I do that too, of course!)
my mail user (and inform her/him to change the password, educate about phishing,
etc.) but the IP too, to avoid further abuse of other mail users, or
attempts to auth with the same user (without success though), thus
wasting my resources.

But yes, I understand your (and Wietse's) advice, thanks.


> I would guess not. There are better ways to deal with the issues 
> mentioned here. There are a lot of MUA implementations, many of them 
> not so good, much like spam zombies. Since postscreen was made to 
> fight zombies, it does not sound like a good thing to put between the 
> server and your own users.

OK, I see your point; however, I would only use the BL lookup feature for
mail submission. The other features are only used on tcp/25 on the MX servers
and not on the mail submission service (and they are different servers as well).
 
> I'd echo what Wietse said about policy services, and also suggest 
> content filtering on your submission stream.

Surely, I don't want to replace those with my idea.
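
Added example, not part of the original message: a log check for the pattern described above, where one client IP authenticates as several different accounts or keeps failing SASL auth. The sample log lines are constructed, and the function name and both thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual Postfix smtpd syslog shape (not from the thread).
SAMPLE_LOG = """\
Dec 15 10:00:01 mx postfix/smtpd[2101]: 3F2A11C0: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=alice
Dec 15 10:05:12 mx postfix/smtpd[2101]: 4B7C22D1: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=bob
Dec 15 10:06:40 mx postfix/smtpd[2140]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
Dec 15 10:06:44 mx postfix/smtpd[2140]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
Dec 15 10:06:49 mx postfix/smtpd[2140]: warning: unknown[198.51.100.7]: SASL PLAIN authentication failed: authentication failure
Dec 15 10:09:30 mx postfix/smtpd[2177]: warning: unknown[203.0.113.5]: SASL PLAIN authentication failed: authentication failure
Dec 15 10:09:41 mx postfix/smtpd[2177]: 5D9E33F2: client=unknown[203.0.113.5], sasl_method=PLAIN, sasl_username=carol
"""

# \S* before "smtpd" also matches a custom syslog_name such as postfix/submission/smtpd.
AUTH_OK = re.compile(r"postfix/\S*smtpd\[\d+\]: \w+: client=\S*\[([^\]]+)\], "
                     r"sasl_method=\S+, sasl_username=(\S+)")
AUTH_FAIL = re.compile(r"postfix/\S*smtpd\[\d+\]: warning: \S*\[([^\]]+)\]: "
                       r"SASL \S+ authentication failed")

def suspicious_clients(log_text, max_users=1, max_failures=3):
    """Return {ip: [reasons]} for clients that exceed either threshold (hypothetical helper)."""
    users = defaultdict(set)     # ip -> accounts it authenticated as
    failures = defaultdict(int)  # ip -> failed SASL attempts
    for line in log_text.splitlines():
        ok = AUTH_OK.search(line)
        if ok:
            users[ok.group(1)].add(ok.group(2).lower())
            continue
        fail = AUTH_FAIL.search(line)
        if fail:
            failures[fail.group(1)] += 1
    flagged = {}
    for ip in sorted(set(users) | set(failures)):
        reasons = []
        if len(users[ip]) > max_users:
            reasons.append("multiple accounts: " + ",".join(sorted(users[ip])))
        if failures[ip] >= max_failures:
            reasons.append(f"{failures[ip]} failed logins")
        if reasons:
            flagged[ip] = reasons
    return flagged

if __name__ == "__main__":
    for ip, reasons in suspicious_clients(SAMPLE_LOG).items():
        print(ip, "; ".join(reasons))
```

Several legitimate users behind one NAT address also show up as "multiple accounts", so raise max_users or review the output before acting on it.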
