> On Nov 1, 2018, at 11:30 AM, Bill Cole
> <postfixlists-070...@billmail.scconsult.com> wrote:
>
> I intend to experiment with postscreen on 587 on the next Postfix
> system I work with where compromised accounts are a problem.
Don't waste your time. Postscreen cannot help you with this.
Postscreen maintains dynamic IP-address whitelists/blacklists,
which are of little use in submission, because submission users
routinely use dynamic IP addresses.
Also MUAs are interactive, and users are not terribly fond of
having their mail submission temporarily rejected and having
to try again later. Postscreen never accepts a message on
the first try when the IP address is not already whitelisted.
Postscreen also gets most of its effectiveness from RBLs,
these too are not terribly appropriate for submission, as
legitimate submission users will dynamically get IPs that
botnets have previously abused.
You probably know all this, and perhaps you'll still be able
to figure out some usable deployment model, but I'm not
optimistic...
--
--
Viktor.
