On Sun, May 27, 2018 3:22 am, /dev/rob0 wrote: > The obvious solution, if dnsbl.spfbl.net is blocking real mail, is to > stop using that list, or possibly to lower its score below your [unstated] > threshold score.
Thanks for all replies and comments! I guess my starting point should be that, lower the score ? sorry, the actual setup is, advice/suggestion appreciated: # grep postscreen main.cf postscreen_command_count_limit = 8 postscreen_command_time_limit = 30 postscreen_dnsbl_threshold = 3 postscreen_dnsbl_whitelist_threshold = -1 postscreen_blacklist_action = DROP postscreen_dnsbl_action = ENFORCE postscreen_greet_action = ENFORCE postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr postscreen_dnsbl_threshold = 3 postscreen_dnsbl_whitelist_threshold = -1 postscreen_dnsbl_sites = zen.spamhaus.org*5, psbl.surriel.com*2, bl.spamcop.net*2, dnsbl.spfbl.net*2, db.wpbl.info, dnsbl.dronebl.org, pofon.foobar.hu, bl.ipv6.spameatingmonkey.net*2,dnsbl6.anticaptcha.net, bl.spameatingmonkey.net*2, bl.mailspike.net, b.barracudacentral.org*2, dnsbl.sorbs.net, ubl.unsubscore.com, truncate.gbudb.net, list.dnswl.org*-3, zz.countries.nerd.dk=127.0.3.58*-1 > Another choice is DNS whitelisting: > 145.65.91.152.list.dnswl.org. 10800 IN TXT "sge.net > https://dnswl.org/s/?s=36576"; > 145.65.91.152.list.dnswl.org. 10800 IN A 127.0.9.2 I think I'd rather avoid this path, if I can > For more information I would refer you to my page on postscreen; > please see the link below, in the .sig . thanks, I'll read it today (and try to understand) > While the helo/ehlo is logged, that's not usable either, because > once postscreen decides to talk to a client, that client is already > blocked. > > If you're not going to take the advice above, your only other option > would be to whitelist the IP address[es]. Oh, also, you could talk to the > DNSBL operator about theit listing criteria, and/or to the > sending site about getting delisted. I guess 'health' outsources their email to verizon - whilst I'll try to contact them, I don't like my chances at getting too far - but never know. I've struck probs with health/verizon a while back, I think, last time i came across it, by the time I;ve looked, they were already delisted thanks again, Voytek
