I originally had incoming_smtpd_restrictions set to:
reject_unverified_recipient
reject_rbl_client bl.spamcop.net,
reject_rbl_client dnsbl.sorbs.net,
reject_rbl_client zen.spamhaus.org,
permit
Later I added postscreen and commented out the reject_rbl_... entries. I
included in main.cf:
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = bl.spamcop.net zen.spamhaus.org=127.0.0.[2..11]
b.barracudacentral.org
This works as expected. However, I believe that postscreen is processed prior
to smtpd. I am experiencing a lot of emails that are being sent to
non-existent users. I don't have accurate counts, but the vast majority of
email is that. Postscreen is doing a DNS lookup for every one of those. It
seems it might be better to remove the dnsrbl from postscreen and reinstate the
reject_rbl statements into incoming_smtpd_restrictions. I believe that way,
only the mail that has a valid recipient will have the dns rbls checked. Am I
understanding this correctly? Thanks,
-- Doug
