/dev/rob0: > I finally got around to my upgrade to 2.11-20130405 and was watching > logs. A gmail message fell afoul of the after-220 tests; each time it > came from a different host. Each one got a "PASS NEW" and of course > the "450 4.3.2 Service currently unavailable" rejection. > > These gmail outbounds are all listed in list.dnswl.org as 127.0.5.1, > and I give that a negative score in my postscreen_dnsbl_sites. So > with no offsetting DNSBL scores, these hosts all got a subzero score. > It would be nice if we could put those whitelist scores to work, and > not have to maintain so big of a postscreen_access_list whitelist.
Disabling tests based on DNSWL score would make sense (currently they "disable" DNSBL tests only). Perhaps this needs a "disable" flag in the postscreen cache. Wietse