On 2/28/2012 10:48 AM, Steve Campbell wrote:
> I'm new to postfix so I've got a lot of learning to do.

Welcome to Postfix.  Once you learn it you'll love it.

> One of the basic questions I have is this:
> 
> I'm wanting to use bl.spamcop.net. From what I can discern, I've got to
> put this in my main.cf in a section named smtpd_recipient_restrictions.
[...]
> Is the above correct to some degree?

That depends.  Spamcop recommends against rejecting mail based on SCBL
hits.  Instead they recommend you put such mail in a spam folder so
users can access it (think false positives).  Short of this, you should
use dnsbl scoring, such as that provided by postscreen, or one of the
third-party Postfix policy daemons.

Not long ago, a month maybe, SCBL listed a huge swath of one of the
Gorilla's outbound farms, Google IIRC.  When this happens you will
permanently lose a lot of mail.  SCBL is purely trap driven and they don't
give the Gorillas a permanent pass, as Spamhaus does.  Thus such mass
FPs will be common on occasion and you'll have to do damage control with
your users.

Thus, if you configure SCBL for direct rejection with

smtpd_recipient_restrictions =
        ...
        reject_rbl_client bl.spamcop.net
        ...

you will have such problems.  Using zen.spamhaus.org, and some other
dnsbls, for direct rejection here is fine.  SCBL, many SORBS lists, many
five-ten lists, etc. are not recommended for this usage scenario.  Use
them in a proper scoring system.

FWIW, my dnsbl setup:

smtpd_recipient_restrictions =
        permit_mynetworks
        reject_unauth_destination
        ...
        ...
        reject_rbl_client zen.spamhaus.org
        reject_rbl_client b.barracudacentral.org
        reject_rbl_client psbl.surriel.com
        reject_rhsbl_client dbl.spamhaus.org
        reject_rhsbl_sender dbl.spamhaus.org
        reject_rhsbl_helo dbl.spamhaus.org

YMMV.

-- 
Stan
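
The difference between direct rejection and dnsbl scoring described in the message above, as an added example that is not part of the original message and is not Postfix or postscreen code. The weights, the threshold, the `is_listed` callback and the listing data are constructed assumptions; the client addresses are documentation IPs.

```python
import ipaddress

# Constructed weights and threshold (assumptions, not values from the message).
# A trap-driven list such as SCBL gets a weight below the threshold, so a hit
# on it alone never rejects mail.
WEIGHTS = {
    "zen.spamhaus.org": 3,
    "b.barracudacentral.org": 2,
    "psbl.surriel.com": 2,
    "bl.spamcop.net": 1,
}
THRESHOLD = 3

def dnsbl_query_name(client_ip, zone):
    """Build the DNSBL lookup name: reversed IPv4 octets prepended to the zone."""
    addr = ipaddress.IPv4Address(client_ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def score_client(client_ip, is_listed, weights=WEIGHTS):
    """Sum the weights of every list that answers for this client."""
    hits = [z for z in weights if is_listed(dnsbl_query_name(client_ip, z))]
    return sum(weights[z] for z in hits), hits

def decide(client_ip, is_listed, threshold=THRESHOLD):
    """Reject only when the combined score reaches the threshold."""
    score, hits = score_client(client_ip, is_listed)
    return ("reject" if score >= threshold else "accept"), score, hits

# Constructed listing data standing in for live DNS answers.
LISTED = {
    "10.2.0.192.bl.spamcop.net",          # 192.0.2.10: SCBL only
    "20.2.0.192.bl.spamcop.net",          # 192.0.2.20: SCBL and Barracuda
    "20.2.0.192.b.barracudacentral.org",
    "30.2.0.192.zen.spamhaus.org",        # 192.0.2.30: Zen only
}

def offline_lookup(name):
    """Hypothetical resolver callback: True if the name has a listing."""
    return name in LISTED

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, decide(ip, offline_lookup))
```

With `reject_rbl_client bl.spamcop.net` the first client would be rejected outright; under scoring it is accepted unless a second list agrees.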
