For me, implementing postscreen has made a significant difference with the 
spam. I had a problem with false positives before I started using postscreen 
and that seemed to be using the sorbs rbl which in turn forced me to use the 
rbl_override. Sorbs seems to be very aggressive and not worth the effort. I have 
since removed it so hopefully this will eliminate the need for rbl_override.



On another topic, I had an issue the other day where an outside sender was 
trying to send e-mail to an internal recipient and their e-mail was getting 
delayed due to a DNS issue on their end. The exact error was:

(Host or domain name not found. Name service error for name=rotary.org type=MX: 
Host not found, try again)



I'm assuming this was happening due to the reject_unknown_sender_domain in my 
smtpd_recipient_restrictions. It eventually got fixed and the e-mail was able 
to get delivered; however, in the meantime, what would be the best way to bypass 
that person's e-mail address so that e-mail will still get delivered even 
though their server is misconfigured?





Thanks in advance





________________________________
From: owner-postfix-us...@postfix.org [owner-postfix-us...@postfix.org] on 
behalf of Stan Hoeppner [s...@hardwarefreak.com]
Sent: Wednesday, May 22, 2013 4:33 PM
To: postfix-users@postfix.org
Subject: Re: postscreen questions

On 5/22/2013 10:02 AM, Noel Jones wrote:
...
> Secondly, remember postscreen is intended as a quick-and-simple
> zombie killer, its only purpose is to reduce the workload on the
> more complex filters further downstream.

This fact is not emphasized often enough.

Many people forget the intended purpose of postscreen, or simply never
read the opening of the docs, and falsely see it as a replacement for
smtpd_foo_restrictions, policy daemons, firewalls, etc.  This is a direct
result of the feature creep late in the development of postscreen.
While the added features are beneficial to some, they are not a
replacement for most of the existing antispam features of Postfix and
popular addons.

In fact, for low volume servers, using postscreen can be more trouble
than it's worth according to many posts here, especially if 'after 220'
tests are enabled without fully understanding the ramifications.

I've personally never configured postscreen.  Why?

1.  My servers are low volume
2.  I've never had problems with bots eating up smtpds
3.  I reject in smtpd w/3 dnsbls and 3 rhsbls and this has worked great

I'll make an educated guess that many folks here have configured
postscreen simply because it was/is "the new thing", without considering
whether they -needed- it or not.  Many have run into the same address
based whitelisting problem mentioned here, and either ditched
postscreen, or spent hours/days trying to tweak it just right.

My advice is to avoid postscreen unless bots are eating up your smtpds.
 If they're not, and your current setup works well, you gain little, or
nothing, by using postscreen, but for headaches integrating it.

--
Stan
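
For the question at the top of this message about exempting one sender from reject_unknown_sender_domain, one common approach is a check_sender_access lookup placed ahead of that restriction. This is an added example, not configuration from the thread; it assumes, as the poster does, that reject_unknown_sender_domain is what defers the mail, and the map path and the address sender@example.org are placeholders.

```conf
# /etc/postfix/main.cf  (added example; your other restrictions stay in place)
#
# Ordering matters:
#  - check_sender_access comes AFTER reject_unauth_destination, so an "OK"
#    result can never authorize relaying to outside domains.
#  - check_sender_access comes BEFORE reject_unknown_sender_domain, so the
#    exempted sender is matched before the DNS lookup on the sender domain.
#
# Unsafe ordering (do not use): check_sender_access listed before
# reject_unauth_destination would let anyone who forges the exempted
# envelope sender relay through this server.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    check_sender_access hash:/etc/postfix/sender_access,
    reject_unknown_sender_domain

# /etc/postfix/sender_access  (separate file; constructed placeholder entry)
#
#   sender@example.org    OK
#
# After editing the map, rebuild it and reload Postfix:
#
#   postmap /etc/postfix/sender_access
#   postfix reload
```

An OK result ends evaluation of this restriction list for the matching sender, so any checks listed after it (DNSBLs, for example) are skipped too, and the envelope sender is trivially forgeable. Match the full address rather than the whole domain, and remove the entry once the sender's DNS is fixed.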
