> Yes, that should whitelist known good sites from deep inspection, > certainly all the big mailers such as google, yahoo, comcast, etc. > > However, I wonder why you don't have any dns blacklists such as > zen.spamhaus.org defined there. The ability of postscreen to reject > known bad sites without using precious smtpd processes is one of its > key features. > > I would just rather have a false negative than a false positive. I > get a pretty small amount of spam at this point so I don't think > reducing it further is worth increasing the chances of a false > positive. > > > From what (little) I know about how postscreen works, rejecting the known > bad sites doesn't really have any (substantive) chance of false positives, > but it provides much more than just protection from spam - it protects you > from the botnets/zombies hammering your server needlessly.
Do you mean there aren't any legitimate servers listed in zen.spamhaus.org? When I switched servers a while back, the new IP I received was listed on several blacklists and it was a hassle to get them removed. - Grant
