On 3 Mar 2018, at 14:25, J Doe wrote:
> Should I then continue to use postscreen for the zombie detection but
> then move my DNSRBL entries to smtpd restrictions?
> Apologies for belabouring the point - I’m just not understanding.

Not all DNSBLs are equivalent. SOME are suited for use in postscreen as
absolute bans, e.g. Spamhaus Zen. The postscreen DNSBL configuration
should be designed to only block IPs that *only* send spam. There are
DNSBLs designed to be hyper-sensitive, to not give any sender a free
pass, and to generate occasional collateral damage. There are DNSBLs
designed to be used in complex anti-spam systems and NOT as a unilateral
basis for blocking. Those sorts of DNSBL should not be used in
postscreen with a score at or above postscreen_dnsbl_threshold.
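
The rule in the reply above can be checked mechanically. The following is an added example, not part of the original message or of Postfix: it reads the `postscreen_dnsbl_sites` and `postscreen_dnsbl_threshold` values and reports every list whose weight alone reaches the threshold without being on the operator's absolute-ban list. The `*.example` zones, the sample values and the `TRUSTED_SOLO` set are assumptions.

```python
import re

# Constructed main.cf excerpt; the two *.example zones are placeholders.
SAMPLE_MAIN_CF = """\
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_sites =
    zen.spamhaus.org*3,
    aggressive.dnsbl.example*3
    scoring.dnsbl.example=127.0.0.[2..4]*1
"""

# Lists the operator accepts as an absolute ban (assumption: only Zen).
TRUSTED_SOLO = {"zen.spamhaus.org"}

def read_params(text):
    """Parse main.cf 'name = value' pairs, joining indented continuation lines."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            name = name.strip()
            params[name] = value.strip()
    return params

def parse_sites(value):
    """Yield (zone, weight) from domain[=filter][*weight] entries."""
    for entry in re.split(r"[,\s]+", value.strip()):
        if not entry:
            continue
        m = re.fullmatch(r"([^=*]+)(?:=([^*]+))?(?:\*(-?\d+))?", entry)
        if not m:
            raise ValueError(f"unparseable entry: {entry!r}")
        yield m.group(1), int(m.group(3) or 1)  # Postfix default weight is 1

def solo_blockers(text, trusted=TRUSTED_SOLO):
    """Return zones whose weight alone reaches the threshold but are not trusted."""
    params = read_params(text)
    threshold = int(params.get("postscreen_dnsbl_threshold", 1))  # default 1
    sites = parse_sites(params.get("postscreen_dnsbl_sites", ""))
    return [(z, w) for z, w in sites if w >= threshold and z not in trusted]

if __name__ == "__main__":
    for zone, weight in solo_blockers(SAMPLE_MAIN_CF):
        print(f"{zone}: weight {weight} blocks on its own")
```

With the default threshold of 1, any list added without an explicit weight is flagged, which is the case where an aggressive list silently becomes an absolute ban.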