On 23.11.22 01:58, Doug Hardie wrote:
> I originally had incoming_smtpd_restrictions set to:
>
>     reject_unverified_recipient
>     reject_rbl_client bl.spamcop.net,
>     reject_rbl_client dnsbl.sorbs.net,
>     reject_rbl_client zen.spamhaus.org,
>     permit
>
> Later I added postscreen and commented out the reject_rbl_... entries. I
> included in main.cf:
>
>     postscreen_dnsbl_action = enforce
>     postscreen_dnsbl_sites = bl.spamcop.net zen.spamhaus.org=127.0.0.[2..11]
>         b.barracudacentral.org
>
> This works as expected. However, I believe that postscreen is processed
> prior to smtpd. I am experiencing a lot of emails that are being sent to
> non-existent users. I don't have accurate counts, but the vast majority
> of email is that. Postscreen is doing a DNS lookup for every one of
> those. It seems it might be better to remove the dnsrbl from postscreen
> and reinstate the reject_rbl statements into incoming_smtpd_restrictions.
> I believe that way, only the mail that has a valid recipient will have the
> dns rbls checked. Am I understanding this correctly? Thanks,

If you want to spare yourself from DNS lookups, you can do that.

Note that you may want to be careful and not reject mail unless it appears in
more than one DNSBL, or if it appears in e.g. DNSWL, in which case
postscreen is better.

Also, postscreen is great at rejecting bots that talk before the ESMTP banner is
sent to them.

So I personally risk a few DNS lookups but benefit from weighing DNSBLs, and
use lookups at the postscreen level.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Eagles may soar, but weasels don't get sucked into jet engines.
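
The DNSBL weighing the reply mentions, sketched as an added example that is not part of the original thread or of Postfix: it parses a `postscreen_dnsbl_sites` value and totals the weights of matching replies against a threshold. The weights, the threshold of 3, the `list.dnswl.org` entry and the sample DNS replies are assumptions constructed for illustration.

```python
import re

# Assumed weights and threshold in postscreen_dnsbl_sites syntax
# (domain[=filter][*weight]); constructed, not the poster's settings.
SITES = ("zen.spamhaus.org=127.0.0.[2..11]*2 bl.spamcop.net*1 "
         "b.barracudacentral.org*1 list.dnswl.org=127.0.[0..255].[1..3]*-2")
THRESHOLD = 3  # stands in for postscreen_dnsbl_threshold

def parse_sites(text):
    """Return (domain, filter or None, weight) per entry; weight defaults to 1."""
    entries = []
    for item in re.split(r"[,\s]+", text.strip()):
        item, _, weight = item.partition("*")
        domain, _, filt = item.partition("=")
        entries.append((domain, filt or None, int(weight or 1)))
    return entries

def octet_matches(pattern, octet):
    """Match one octet against 'N' or a '[N;M..K]' list of values and ranges."""
    if not pattern.startswith("["):
        return int(pattern) == octet
    for part in pattern[1:-1].split(";"):
        lo, _, hi = part.partition("..")
        if int(lo) <= octet <= int(hi or lo):
            return True
    return False

def reply_matches(filt, addr):
    """With no filter any A-record reply counts; otherwise all four octets must match."""
    if filt is None:
        return True
    pats = re.findall(r"\[[^\]]*\]|\d+", filt)
    octets = [int(o) for o in addr.split(".")]
    return len(pats) == 4 and all(map(octet_matches, pats, octets))

def evaluate(replies, sites=SITES, threshold=THRESHOLD):
    """replies maps DNSBL domain -> list of A-record replies for one client.
    Each entry adds its weight at most once. Returns (score, over_threshold)."""
    score = sum(weight for domain, filt, weight in parse_sites(sites)
                if any(reply_matches(filt, a) for a in replies.get(domain, [])))
    return score, score >= threshold

# Constructed DNS replies for four hypothetical clients.
SAMPLES = {
    "one list only": {"bl.spamcop.net": ["127.0.0.2"]},
    "two lists": {"zen.spamhaus.org": ["127.0.0.2", "127.0.0.4"], "bl.spamcop.net": ["127.0.0.2"]},
    "two lists + DNSWL": {"zen.spamhaus.org": ["127.0.0.4"], "bl.spamcop.net": ["127.0.0.2"],
                          "list.dnswl.org": ["127.0.5.2"]},
    "reply outside filter": {"zen.spamhaus.org": ["127.255.255.254"]},
}

if __name__ == "__main__":
    for name, replies in SAMPLES.items():
        print(name, evaluate(replies))
```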