Fongaboo: > > I'm running Postfix 2.11.7 on FreeBSD 10.2-RELEASE. > > Just wanted to get folks' opinions/rationale/thoughts on behavior of some > of the RBL's. > > Specifically SORBS.NET... I first set up my server using a popular FreeBSD > tutorial. SORBS.NET was included in a list of recommended RBL's in the > latest incarnation of that tutorial. > > But it seemed like every other day I was whitelisting servers of > mainstream providers like Gmail and Facebook. They seem to be... how do I > say... extremely absolutist in their protocol for blacklisting? So at the > end of the day it ends up not being practically useful. > > I first tried whitelisting IP blocks as I found problems, but it's been a > constant game of whack-a-mole (or *un*-whack-a-mole, in this context, > rather?). So I finally decided to remove their reject_rbl_client entries in > main.cf. > > Every issue with misidentified rejections has been due to SORBS. Have > others had similar experiences or different approaches?
sorbs.net is at a different point on the ROC curve(*) than some other DNS reputation lists. If you're concerned about blocking legitimate email, don't give them 'veto' power as with smtpd, but use them in a weighted fashion, as with postscreen or spamassassin. (*) https://en.wikipedia.org/wiki/Receiver_operating_characteristic Wietse
