On Wed, Apr 24, 2013 at 11:27:41PM +0200, Jeroen Geilman wrote: > On 04/24/2013 11:23 PM, Steve Jenkins wrote: > >On Tue, Apr 23, 2013 at 12:41 PM, /dev/rob0 <r...@gmx.co.uk>: > > > > With those restrictions, you could just as well raise the > > corresponding postscreen_dnsbl_sites scores to 3 for each. > > ISTM that you're missing the point of scoring. > > > > Yes, as I mentioned, Zen and (for most domains) BRBL listings > > are good enough for outright rejection, but I would not do > > that for Spamcop nor PSBL. Both of those are driven by > > automated processes which could result in "false positives". > > > > > >Thanks - I see that now. My smtpd_recipient_restrictions now > >include these as the final config options before "permit": > > > > reject_rbl_client b.barracudacentral.org, > > reject_rbl_client zen.spamhaus.org > > These make any deviation in scoring for zen and barracuda in > POSTSCREEN irrelevant. > The reject_rbl_client results are not weighted; they're fail/pass.
True, but for all we know they could be preceded by a check_policy_service or permit_dnswl_client restriction. > I'd just remove them here. I disagree. I like having a fallback in case something went awry with the postscreen_dnsbl_sites lookups. Maybe the replies arrived too late? Now, for smtpd, our named has these queries cached, so it will be instant. > (You still don't have the hang of scoring.) Again, can't say. I'd have the Zen higher, before most whitelisting, but yes, BRBL belongs down there at the end. And then too is the "Steve's server, Steve's rules" issue. If it's meeting his needs, that's what matters. :) -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
