On Mon, Oct 03, 2016 at 02:59:08PM -0400, Fongaboo wrote: > > On Mon, 3 Oct 2016, Sean Greenslade wrote: > > > I personally don't use RBLs as hard blocks. Instead, I have them set up > > in my spam filter (SpamAssassin) with different weights. That way, if > > one particular RBL is acting up, I can de-weight it and keep an eye on > > it without it affecting delivery. > > > > The only mail that my server outright rejects is SPF failures on my > > domains, and mail to invalid addresses. Everything else either gets > > delivered or put into spam. I personally feel like this is the best > > setup, since it is least likely to cause invisible problems. I'd rather > > a few sketchy mails slip through than have legitimate emails bounce. > > > > --Sean > > Thanks! This sounds like a good idea for sure. Would you be willing to share > some clue of how you have this configured? Do you pull all references to any > RBLs out of main.cf and do they all go into SA config files?
Basically, yes. I use a milter on the incoming port 25 smtpd to pipe the messages to spamc, then they get dumped into a sorting maildir. Then I have a script that inspects the SA headers and sorts the mail either into the inbox or the spam dir, and also does some flagging, muting, alerts, and other miscellaneous stuff that's specific to my mail setup. I use a virtual mailbox hashmap to define my users, any mails not covered by those get 550'd. I use a check_policy_service and smtpd_sender_restrictions to enforce the SPF blocking on my domains only. As far as configuring spamassassin, most of the RBLs should work straight out of the box. If you run into issues with your requests getting blocked, you may need to run a local resolving DNS server. --Sean
