Hi,
I'm using postfix-3.1.4 on fedora. I've just noticed I've configured
both postscreen to use spamhaus and other RBLs as well as have
configured the reject_rhsbl_* options. Is this duplicative and
unnecessary?
I've posted what I think are the relevant pieces in hopes someone
could review and clarify.
smtpd_recipient_restrictions =
reject_non_fqdn_recipient,
reject_non_fqdn_sender,
reject_unlisted_recipient,
reject_unknown_recipient_domain,
permit_mynetworks,
reject_unauth_destination,
reject_rhsbl_reverse_client mykey.dbl.dq.spamhaus.net,
reject_rhsbl_sender mykey.dbl.dq.spamhaus.net,
reject_rhsbl_helo mykey.dbl.dq.spamhaus.net,
check_sender_access hash:/etc/postfix/check_backscatterer,
check_helo_access pcre:/etc/postfix/helo_checks.pcre,
check_helo_access hash:/etc/postfix/helo_checks,
reject_non_fqdn_helo_hostname,
reject_invalid_helo_hostname,
check_policy_service unix:private/policy-spf,
check_policy_service inet:127.0.0.1:2501,
check_recipient_access pcre:/etc/postfix/relay_recips_access,
permit
smtpd_client_restrictions =
permit_mynetworks,
check_client_access hash:/etc/postfix/client_checks,
check_reverse_client_hostname_access
pcre:/etc/postfix/fqrdns-042715a.pcre,
check_reverse_client_hostname_access
pcre:/etc/postfix/reverse_client_hostname_access.pcre,
check_client_access cidr:/etc/postfix/client_access_blocklist
check_client_access cidr:/etc/postfix/ransomware-ipbl
postscreen_dnsbl_ttl = 10m
postscreen_access_list =
permit_mynetworks,
cidr:/etc/postfix/postscreen_access.cidr,
cidr:/etc/postfix/gmail_whitelist.cidr,
cidr:/etc/postfix/postscreen_spf_whitelist.cidr
postscreen_blacklist_action = drop
postscreen_dnsbl_action = enforce
postscreen_greet_action = enforce
postscreen_greet_wait = ${stress?2}${stress:11}s
postscreen_dnsbl_threshold = 8
postscreen_dnsbl_reply_map =
texthash:$config_directory/postscreen_dnsbl_reply_map.pcre
postscreen_dnsbl_sites =
mykey.zen.dq.spamhaus.net=127.0.0.[10;11]*8
score.senderscore.com=127.0.4.[0..19]*3
score.senderscore.com=127.0.4.[20..29]*3
score.senderscore.com=127.0.4.[30..49]*2
score.senderscore.com=127.0.4.[50..59]*1
score.senderscore.com=127.0.4.[60..69]*1
score.senderscore.com=127.0.4.[70..79]*-1
score.senderscore.com=127.0.4.[80..89]*-2
score.senderscore.com=127.0.4.[90..100]*-4
b.barracudacentral.org*7
mykey.zen.dq.spamhaus.net=127.0.0.[4..7]*6
bl.mailspike.net*4
bl.spamcop.net*4
bl.spameatingmonkey.net*4
mykey.zen.dq.spamhaus.net=127.0.0.3*4
ubl.unsubscore.com=127.0.0.2*1
list.dnswl.org=127.[0..255].[0..255].0*-2
list.dnswl.org=127.[0..255].[0..255].1*-3
list.dnswl.org=127.[0..255].[0..255].[2..255]*-4
dnsbl.sorbs.net=127.0.0.[10;14]*8
dnsbl.sorbs.net=127.0.0.5*7
dnsbl.sorbs.net=127.0.0.7*4
dnsbl.sorbs.net=127.0.0.6*3
dnsbl.sorbs.net=127.0.0.[8;9]*2
dnsbl.sorbs.net=127.0.0.4*1
