On Wed, Dec 2, 2015 at 9:54 AM, Bryan K. Walton <bwal...@leepfrog.com> wrote:
> On Wed, Dec 02, 2015 at 12:49:05PM -0500, Bill Cole wrote: > > Alternative (and I think better) random guess: you've enabled one or more > > "after 220 server greeting" test. See the postscreen man page for the > > consequences of such configuration and note that there's no law requiring > > retry delivery of a deferred message to be done via the same IP as any > prior > > delivery attempt, and a big complex mail system built for high > availability > > is likely to NOT do so. > > We do make use of those. However, we are also using > postscreen_dnsbl_whitelist_threshold. The hosts in question are scoring in > the negative numbers and SHOULD be exempt from the after 220 greeting > tests. As mentioned in my first email, the host in question is scoring > -8. I'm whitelisting any host that scores below -2. At the risk of sounding spammy for my latest pet project, Bryan's use case is exactly the type of issue an SPF-based whitelist for known senders (such as outlook.com) would fix. Bryan: grab the postwhite script (https://github.com/stevejenkins/postwhite), set "microsoft=yes" and everything else to "no" for starters, add a new .cidr whitelist for Postscreen, and then as long as you trust MSFT to send from IPs published their SPF record, messages from outlook.com should fly right through Postscreen. SteveJ
