On Mon, Dec 24, 2012 at 05:34:20PM -0500, Alex wrote:
> >> Dec 24 00:28:50 mail02 postfix/postscreen[1468]: NOQUEUE:
> >> reject: RCPT from [195.81.140.87]:32798: 550 5.7.1 Service
> >> unavailable; client [195.81.140.87] blocked using
> >> bl.spamcop.net; from=<u...@libero.it>, to=<f...@example.com>,
> >> proto=SMTP, helo=<static-195-81-140-87.irtnet.net>
> >
> > Here's your problem Alex. You're using spamcop to outright block
> > on hit. This is not advised and is well known to cause FPs.
> > Spamcop hits are best scored with other DNSBL hits inside SA,
> > which does so automatically in a default config. Remove spamcop
> > from your postscreen configuration and that will fix this
> > problem.
The problem was not the existence of spamcop within the list. The
problem was the *scoring* of spamcop and the threshold of 1.
If you're going to set scores, USE them. Set the
postscreen_dnsbl_threshold *higher* than 1.
> Awesome, thanks. So psbl.surriel.com is okay to keep?
It's probably safer than spamcop, but the best answer is to check
their policies, test its performance, and see if it works for you.
The pre-postscreen way was to use "warn_if_reject reject_rbl_client
psbl.surriel.com" in your smtpd restrictions.
The postscreen way is, again, to raise your threshold score to ensure
it's never used:
postscreen_dnsbl_threshold = 9
postscreen_dnsbl_sites = zen.spamhaus.org*9, b.barracudacentral.org*9
bl.spameatingmonkey.net*9 dnsbl.njabl.org*7 dnsbl.ahbl.org*7
bl.spamcop.net*3 dnsbl.sorbs.net*3 spamtrap.trblspam.com*3
psbl.surriel.com [ ... other sites such as whitelists with
negative scores ... ]
In the example above, psbl.surriel.com would never trigger a
rejection. The extra one point would never be significant.
Note I am not recommending this; I am merely illustrating how the
scoring system can work. My own postscreen_dnsbl_threshold is 3, with
three tiers of DNSBL sites:
Tier 1, 3 points: reject with that site alone
Tier 2, 2 points: reject with that site plus any other
Tier 3, 1 point: reject with three of these sites
I'm not currently using psbl.surriel.com, but I'm sure it would be
fine in Tier 3. The whole point of Tier 3 is that it does NOT require
much confidence in those sites, but that when three of them agree,
there might be good reason to block.
--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
