> On 14 July 2021, at 06:12, Wietse Venema <wie...@porcupine.org> wrote:
>
> Doug Hardie:
>>
>>> On 12 July 2021, at 18:27, Wietse Venema <wie...@porcupine.org> wrote:
>>>
>>> Doug Hardie:
>>>> I have a postfix server that uses postscreen. However, occasionally
>>>> a needed mail is blocked by one of the spam services. Is there a
>>>> way to bypass postscreen for just one or more specific addresses
>>>> for a short time?
>>>
>>> http://www.postfix.org/postconf.5.html#postscreen_access_list
>>> http://www.postfix.org/POSTSCREEN_README.html#quick
>>>
>>
>> I went through those earlier. I have configured:
>>
>> postscreen_access_list = permit_mynetworks,
>> cidr:/usr/local/etc/postfix/access.cidr
>
> You also need to set postscreen_denylist_action (or
> postscreen_blacklist_action).
>
> Wietse
Perhaps I am a bit confused. The web page says:
To use the postscreen(8) service to block mail, edit main.cf and specify one or
more of:
• "postscreen_dnsbl_action = enforce", to reject clients that are on
DNS blocklists, and to log the helo/sender/recipient information. With good
DNSBLs this reduces the amount of load on Postfix SMTP servers dramatically.
• "postscreen_greet_action = enforce", to reject clients that talk
before their turn, and to log the helo/sender/recipient information. This stops
over half of all known-to-be illegitimate connections to Wietse's mail server.
It is backup protection for zombies that haven't yet been denylisted.
I have both of those set to enforce. Here is the complete postscreen section
of main.cf:
# postscreen spam filtering
postscreen_greet_action = enforce
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = bl.spamcop.net zen.spamhaus.org b.barracudacentral.org
postscreen_access_list = permit_mynetworks,
cidr:/usr/local/etc/postfix/access.cidr
#
That seems to work as I see numerous spam being blocked by those dnsbl sites.
Am I missing something?
-- Doug
