Matt Saladna:
> Hello,
>
> When specifying a range of responses to ignore in postscreen_dnsbl_sites
> it appears that if a weight is zero it is ignored in favor of a non-zero
> weight.
Coming back to this thread, please ignore my previuous responses
about order dependence. They were wrong.
Simply, postscreen will add up the weights from all matching patterns
in postscreen_dnsbl_sites. I think that the documentation never
promised that postscreen would evaluate only a subset of patterms.
Since addition is a commutative operation, the order of patterns in
postscreen_dnsbl_sites does not matter, that is, there simply is
no precedence.
Instead of using a pattern with zero weight, you can specify a
negative weight to prevent a site from being blocked. This is how
I exclude clients with list.dnswl.org:
postscreen_dnsbl_sites = ... list.dnswl.org=127.0.[0..255].[1..3]*-2
Just like postscreeen has postscreen_dnsbl_threshold for blocking
clients (default: 1), it has postscreen_dnsbl_allowlist_threshold
for allowing clients (default: 0).
Wietse
