On 12/25/2012 9:26 PM, Alex wrote: > Hi, > >>> My postscreen config contains: >>> postscreen_access_list = permit_mynetworks, >>> cidr:/etc/postfix/postscreen_access.cidr >>> postscreen_dnsbl_threshold = 1 >>> postscreen_dnsbl_action = enforce >>> postscreen_greet_action = enforce >>> postscreen_blacklist_action = enforce >>> postscreen_dnsbl_sites = mykey.zen.dq.spamhaus.net*2 >>> bl.spamcop.net*1 b.barracudacentral.org*1 psbl.surriel.com*1 >> >> >> I see. Perhaps you intended postscreen_dnsbl_threshold = 2 with the >> above RBLs and weights. > > Yes, exactly. I actually had it at 2, based on the examples from the > postscreen README. I think I got confused when Stan wrote back in > November (during our whole snowshoe thread conversation) that I should > set the postscreen weighting so any hit causes a reject, but he > probably didn't realize I had spamcop among those RBLs.
I did. But note what I said in that thread: On 11/22/2012 2:19 AM, Stan Hoeppner wrote: > With any of the reputable DNSBLs you should > probably outright block, not score. So set postscreen weighting so > any hit causes a rejection. If you are FP averse, simply duplicate > your postscreen DNSBL config in SMTPD with 'WARN_IF_REJECT' and do a > log comparison to see what additional clients would be rejected. If > you're not seeing warnings on ham, go live. Note that I recommended testing before going live without scoring but direct rejection, and gave instructions on how to do so. If you'd done that you'd have seen the FPs from spamcop before going live. -- Stan
