In message <c2f5f6c7-83f0-4206-87f1-4ca72b91a...@kreme.com> "@lbutlr" writes: > On Fri Mar 11 2016 12:21:07 Noel Jones <njo...@megan.vbhcs.org> said: > >=20 > > This problem (postscreen delays legit mail server) is nicely solved > > by using a dns whitelist such as dnswl.org to bypass postscreen > > tests for known mail servers... not necessarily "known good" > > servers, just known to not be a bot. Then your smtpd and content > > filtering can decide if you want the mail. > > $ postconf -nf postscreen_dnsbl_sites > postscreen_dnsbl_sites =3D dul.dnsbl.sorbs.net*1 > zen.spamhaus.org=3D127.0.0.[10..11]*4 = > zen.spamhaus.org=3D127.0.0.[4..7]*6 > zen.spamhaus.org=3D127.0.0.3*6 zen.spamhaus.org=3D127.0.0.2*6 > spam.dnsbl.sorbs.net*2 multi.surbl.org*2 dnsbl-1.uceprotect.net > dnsbl-2.uceprotect.net list.dnswl.org=3D127.0.[0..255].0*-3 > list.dnswl.org=3D127.0.[0..255].1*-4 = > list.dnswl.org=3D127.0.[0..255].[2..255]*-6 > dwl.spamhaus.org=3D127.0.2.[2;3]*-3 = > swl.spamhaus.org=3D127.0.2.[12;13]*-3 > > I think yahoo maybe was only looking at the primary DNS which had gone = > offline because of the fixed IP issue, and no one else seemed to notice = > since the other DNS servers were working fine.
Are you saying they only looked at the primary NS record? Maybe I misread a prior post but I thought you meant primary MX record. The former, if true, would be even more broken. Curtis
