I'm running Postfix 2.11.0 on Ubuntu 14.04.2 LTS. I wonder whether the default value for postscreen_cache_retention_time (7 days) may be too high for my situation.
I get a lot of spam despite using postscreen, and when I manually look up the IP addresses of some of the sites that send me spam, I often find that they are listed in DNSBL's which I have included (with high values) in postscreen_dnsbl_sites. I think what might be happening in some cases is that a new spam site sends me something (which I accept because the site is new and hasn't made it onto any DNSBLs yet) -- and soon thereafter, that site gets picked up by Spamhaus and other DNSBLs -- but I'll continue to accept mail from the site because I saw (and whitelisted) the site before the DNSBLs started blacklisting it, and postscreen is going to cache that whitelisting for several more days. Should I consider reducing my postscreen_cache_retention_time -- possibly to a few hours? Is that likely to have some unintended and unwanted side effects? I'm attaching a gzip'ed copy of the "postconf -n" output from one of my MX servers. Rich Wales ri...@richw.org
richw-org-postconf.txt.gz
Description: application/gzip
