Here's a proposed diff for the POSTSCREEN_README: rob0@harrier:~/stuff/postscreen.dnswl$ diff -Nru POSTSCREEN_README* --- POSTSCREEN_README 2013-04-12 03:34:16.000000000 +0000 +++ POSTSCREEN_README.new 2013-04-24 21:04:06.155395154 +0000 @@ -245,6 +245,7 @@
* Pregreet test * DNS White/blacklist test + * Skipping other tests for whitelisted clients * When tests fail before the 220 SMTP server greeting Pregreet test @@ -315,6 +316,17 @@ the combined DNSBL score is equal to or greater than the threshold. See "When tests fail before the 220 SMTP server greeting" below. +Skipping other tests for whitelisted clients + +The postscreen_skip_tests parameter lists the short names of tests which will +be skipped if a client's combined DNSBL score is less than or equal to +postscreen_skip_tests_threshold. This only makes sense when using whitelists +with negative weights in the postscreen_dnsbl_sites list. + +The tests which can be skipped are all but the DNSBL test itself. The default +is to perform the blacklist and MX policy tests, but skip the greet test and +all the "deep protocol" tests, described below. + When tests fail before the 220 SMTP server greeting When the client address matches the permanent blacklist, or when the client @@ -612,6 +624,7 @@ postscreen_dnsbl_threshold = 2 postscreen_dnsbl_sites = zen.spamhaus.org*2 bl.spamcop.net*1 b.barracudacentral.org*1 + list.dnswl.org*-1 swl.spamhaus.org*-1 Note: if your DNSBL queries have a "secret" in the domain name, you must censor this information from the postscreen(8) SMTP replies. For example: -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: