On 3 Mar 2018, at 14:25, J Doe wrote:
Should I then continue to use postscreen for the zombie detection but then move
my DNSRBL entries to smtpd restrictions ?
I forgot to add: when you use dnsbl entries at postscreen level, you
apparently won't need them in other postfix restrictions.
if you use spam filter e.g. spamassassin, leave the rest on it.
On 2018-03-05 6:39, Bill Cole wrote:
Not all DNSBLs are equivalent. SOME are suited for use in postscreen
as absolute bans, e.g. Spamhaus Zen. The postscreen DNSBL
configuration should be designed to only block IPs that *only* send
spam. There are DNSBLs designed to be hyper-sensitive, to not give any
sender a free pass, and to generate occasional collateral damage.
There are DNSBLs designed to be used in complex anti-spam systems and
NOT as a unilateral basis for blocking. Those sorts of DNSBL should
not be used in postscreen with a score at or above
postscreen_dnsbl_threshold.
On 05.03.18 08:59, Karol Augustin wrote:
Would you mind sharing which RBLs you recommend to use in postscreen?
On 05.03.18 16:54, Matus UHLAR - fantomas wrote:
I don't see problems having spamhaus, sorbs and spamcop at postscreen level,
especially when someone adds e.g. dnswl weighing -1 too.
veri simple example:
postscreen_dnsbl_sites = zen.spamhaus.org, dnsbl.sorbs.net, bl.spamcop.net,
list.dnswl.org*-1
you can play with weighing blacklists and whitelists, and/or tuning
postscreen_dnsbl_threshold
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
My mind is like a steel trap - rusty and illegal in 37 states.
