[pfx] Re: Reduce rbldns use? postscreen_dnsbl_sites

2025-01-24 Thread Wietse Venema via Postfix-users
Nothing in Postfix prevents you from developing stateful policies where repeated 'good' clients become longer-term allowlisted, and repeated 'bad' clients become longer-term denylisted, for some subjective definitions of 'good', 'bad', 'long' and 'short'. In the case of botnet spam, this will make li

[pfx] Re: Reduce rbldns use? postscreen_dnsbl_sites

2025-01-24 Thread Tomasz Pala via Postfix-users
On 2025-01-24 16:35, Wietse Venema via Postfix-users wrote: > > This perceived problem is already optimized away with caching. On > my system 93% of connections are from repeat clients. $ journalctl -t postfix/postscreen | grep -i ']: CONNECT from' | cut -f4 -d':' | wc -l 13973 $ journalctl -t p

[pfx] Re: Reduce rbldns use? postscreen_dnsbl_sites

2025-01-24 Thread Wietse Venema via Postfix-users
MRob via Postfix-users: > On 2025-01-23 20:25, Randy Bush via Postfix-users wrote: > >> I'm using zen.spamhaus.org for blocking and list.dnswl.org (with > >> filter) > >> for allowlisting. > >> > >> zen.spamhaus.org*2 list.dnswl.org=127.0.[0..255].[1..3]*-2 > > > > Question occur to me, is

[pfx] Re: Reduce rbldns use? postscreen_dnsbl_sites

2025-01-24 Thread Tomasz Pala via Postfix-users
On 2025-01-24 11:04, MRob via Postfix-users wrote: > > Question occur to me, is there way to cease dnsrbl lookups once > threshold is met? I think answer is "no" because Postscreen cannot guess > if there will be whitelist next. > > Could be nice if there's trick to do: > * keep whitelist/blackl

[pfx] Re: Reduce rbldns use? postscreen_dnsbl_sites

2025-01-24 Thread MRob via Postfix-users
On 2025-01-23 20:25, Randy Bush via Postfix-users wrote: I'm using zen.spamhaus.org for blocking and list.dnswl.org (with filter) for allowlisting. zen.spamhaus.org*2 list.dnswl.org=127.0.[0..255].[1..3]*-2 Question occur to me, is there way to cease dnsrbl lookups once threshold is me

[pfx] Re: Recommended postscreen_dnsbl_sites settings to get some security without too many blocked emails?

2025-01-23 Thread Michael Grimm via Postfix-users
Christian Seberino via Postfix-users wrote: > postscreen_dnsbl_threshold = 2 > postscreen_dnsbl_sites = zen.spamhaus.org*2 bl.spamcop.net*1 > b.barracudacentral.org*1 > > Is there a "minimal" setting for these two variables that will > give *some* protection withou

[pfx] Re: Recommended postscreen_dnsbl_sites settings to get some security without too many blocked emails?

2025-01-23 Thread Randy Bush via Postfix-users
> I'm using zen.spamhaus.org for blocking and list.dnswl.org (with filter) > for allowlisting. > > zen.spamhaus.org*2 list.dnswl.org=127.0.[0..255].[1..3]*-2 excuse me for being overly literal and pedantic. is this postscreen_access_list = permit_mynetworks posts

[pfx] Re: Recommended postscreen_dnsbl_sites settings to get some security without too many blocked emails?

2025-01-22 Thread Peter via Postfix-users
, but this is what I use: postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2;4..11]*3 zen.spamhaus.org=127.0.0.3*2 b.barracudacentral.org=127.0.0.2*2 bl.spameatingmonkey.net=127.0.0.2*2 bl.spamcop.net=127.0.0.2 psbl.surriel.com=127.0.0.2 bl.mailspike.net=127.0.0.[2;10..12] list.dnswl.org=127.0.[2..

[pfx] Re: Recommended postscreen_dnsbl_sites settings to get some security without too many blocked emails?

2025-01-22 Thread Wietse Venema via Postfix-users
Christian Seberino via Postfix-users: > I tried the following but it blocks emails even from my two legitimate > Gmail accounts... > > postscreen_dnsbl_threshold = 2 > postscreen_dnsbl_sites = zen.spamhaus.org*2 bl.spamcop.net*1 > b.barracudacentral.org*1 > > Is there

[pfx] Recommended postscreen_dnsbl_sites settings to get some security without too many blocked emails?

2025-01-22 Thread Christian Seberino via Postfix-users
I tried the following but it blocks emails even from my two legitimate Gmail accounts... postscreen_dnsbl_threshold = 2 postscreen_dnsbl_sites = zen.spamhaus.org*2 bl.spamcop.net*1 b.barracudacentral.org*1 Is there a "minimal" setting for these two variables that will give *some*

[pfx] Re: Question about postscreen_dnsbl_sites

2023-10-11 Thread Wietse Venema via Postfix-users
ble, and queries only the domains listed in postscreen_dnsbl_sites, which are guaranteed to respond quickly. postscreen WILL NOT query other domains because there are no response time guarantees. Wietse

[pfx] Re: Question about postscreen_dnsbl_sites

2023-10-11 Thread Wietse Venema via Postfix-users
Ivan Ionut via Postfix-users: > > Hi, I'm using postscreen_dnsbl_sites to block some spam and I want some > domain/hosts/ip to bypass this option, like a whitelist. > > Does postscreen/postfix have this option? > Yes. Near the top of https://www.postfix.org/POSTSCREEN_R

[pfx] Question about postscreen_dnsbl_sites

2023-10-11 Thread Ivan Ionut via Postfix-users
Hi, I'm using postscreen_dnsbl_sites to block some spam and I want some domain/hosts/ip to bypass this option, like a whitelist. Does postscreen/postfix have this option? p.s. my postfix version: 3.6.4 -- Ivan Ionuț Str. Mircea cel Bătrân nr 1, Galati 800023 Tel/Fax: +40236 493277

Re: postscreen_dnsbl_sites precedence

2022-08-11 Thread Wietse Venema
Matt Saladna: > Hello, > > When specifying a range of responses to ignore in postscreen_dnsbl_sites > it appears that if a weight is zero it is ignored in favor of a non-zero > weight. Coming back to this thread, please ignore my previous responses about order dependence.

Re: postscreen_dnsbl_sites questions about multiple matches.

2022-05-30 Thread Matus UHLAR - fantomas
On 30.05.22 14:02, Peter wrote: Next question: What happens if zen returns multiple responses: 127.0.0.10 127.0.0.3 postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[1..2]*3 zen.spamhaus.org=127.0.0.3*2 zen.spamhaus.org=127.0.0.[4..255]*3 On 30.05.22 10:06, Matus UHLAR - fantomas wrote

Re: postscreen_dnsbl_sites questions about multiple matches.

2022-05-30 Thread Matus UHLAR - fantomas
: postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[1..255]*3 zen.spamhaus.org=127.0.0.3*-1 So presumably if 127.0.0.3 is returned it will initially get a score of 3 but then decrement it by 1 so it ends up with a score of 2, so first question: Will this work the way I want it to? yes, it should. Next

Re: postscreen_dnsbl_sites questions about multiple matches.

2022-05-29 Thread Peter
On 30/05/22 3:49 pm, Bill Cole wrote: I have no idea, but assigning scores to DNSBL return values that are not currently in use is quite optimistic and dangerous. Also, 127.0.0.1 specifically is an indicator of likely DNSBL malfunction. Well, spamhaus documents that 127.0.0.0/24 are for curre

Re: postscreen_dnsbl_sites questions about multiple matches.

2022-05-29 Thread Bill Cole
specifically returns 127.0.0.3. What I think I can do is this: postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[1..255]*3 zen.spamhaus.org=127.0.0.3*-1 So presumably if 127.0.0.3 is returned it will initially get a score of 3 but then decrement it by 1 so it ends up with a score of 2, so first

postscreen_dnsbl_sites questions about multiple matches.

2022-05-29 Thread Peter
First off my goal is that I want all zen.spamhaus.org entries to have a score of 3 except for CSS entries which should have a score of 2. zen returns 127.0.0.n for all entries and CSS specifically returns 127.0.0.3. What I think I can do is this: postscreen_dnsbl_sites = zen.spamhaus.org

Re: postscreen_dnsbl_sites precedence

2022-03-12 Thread Wietse Venema
Matt Saladna: > Is there any difference other than cognitive load between the two forms? > > postscreen_dnsbl_sites = > zen.spamhaus.org=127.[0..255].[0..254].[0..255]*2 > zen.spamhaus.org=127.255.255.[252;254;255]*0 This explicitly assigns wei

Re: postscreen_dnsbl_sites precedence

2022-03-12 Thread Matus UHLAR - fantomas
n simply assumes that patterns don't overlap. I think that a reasonable solution is to use only the first match in postscreen_dnsbl_sites. That code was not designed to handle overlapping patterns, and I see no value in trying to make it do such things. FYI knowing this I configured

Re: postscreen_dnsbl_sites precedence

2022-03-12 Thread Matus UHLAR - fantomas
On 12.03.22 11:50, Matt Saladna wrote: Is there any difference other than cognitive load between the two forms? postscreen_dnsbl_sites = zen.spamhaus.org=127.[0..255].[0..254].[0..255]*2 zen.spamhaus.org=127.255.255.[252;254;255]*0 versus postscreen_dnsbl_sites

Re: postscreen_dnsbl_sites precedence

2022-03-12 Thread Wietse Venema
ll patterns that match. The implementation simply assumes that patterns don't overlap. If you want a working solution now, I suggest using non-overlapping patterns: postscreen_dnsbl_sites = zen.spamhaus.org=127.[0..255].[0..254].[0..255]*2 zen.spamhaus.org=127.255.255.[252

Re: postscreen_dnsbl_sites precedence

2022-03-11 Thread Bill Cole
On 2022-03-11 at 22:34:14 UTC-0500 (Fri, 11 Mar 2022 21:34:14 -0600) Matt Saladna is rumored to have said: Spamhaus began flagging Cloudflare's servers, 1.0.0.1/1.1.1.1 as public resolver resulting in the error message. Other DNSBLs pick up responsibility, so the judgment shouldn't rely square

Re: postscreen_dnsbl_sites precedence

2022-03-11 Thread Bill Cole
On 2022-03-11 at 17:20:41 UTC-0500 (Sat, 12 Mar 2022 09:20:41 +1100) Phil Biggs is rumored to have said: Should the 127.255.255.[0..255] return codes really be weighted zero, given that they indicate an error? Absolutely. With .254 being use of a public/open resolver: https://www.spamh

Re: postscreen_dnsbl_sites precedence

2022-03-11 Thread Phil Biggs
Title: Re: postscreen_dnsbl_sites precedence Saturday, March 12, 2022, 2:37:15 AM, Matt Saladna  wrote: Hello, When specifying a range of responses to ignore in postscreen_dnsbl_sites it appears that if a weight is zero it is ignored in favor of a non-zero weight. mail_version=3.5.9

Re: postscreen_dnsbl_sites precedence

2022-03-11 Thread Wietse Venema
Matt Saladna: > postscreen_dnsbl_sites=zen.spamhaus.org=127.255.255.[252;254;255]*0 > zen.spamhaus.org*2 The implementation is order-dependent. Postscreen maintains a list for zen.spamhaus.org, where the last entry appears first: zen.spamhaus.org: pattern=empty, we

Re: postscreen_dnsbl_sites precedence

2022-03-11 Thread Viktor Dukhovni
On Fri, Mar 11, 2022 at 09:37:15AM -0600, Matt Saladna wrote: > When specifying a range of responses to ignore in postscreen_dnsbl_sites > it appears that if a weight is zero it is ignored in favor of a non-zero > weight. No. Rather, when the same source is listed twice, the weights

Re: whitelist scoring in postscreen_dnsbl_sites=?

2016-04-01 Thread /dev/rob0
On Fri, Apr 01, 2016 at 08:13:14AM -0700, jaso...@mail-central.com wrote: > I'm learning about whitelist scoring in postscreen_dnsbl_sites= > > /dev/rob0 mentioned using these > > postscreen_dnsbl_sites= >... BLACKLISTS ... >swl.spamhaus.o

Re: whitelist scoring in postscreen_dnsbl_sites=?

2016-04-01 Thread jasonsu
On Fri, Apr 1, 2016, at 12:21 PM, Noel Jones wrote: > dwl.spamhaus.org lists domain names and is not compatible with > postscreen, which only knows the IP. I needed to be reminded of that :-/ > dwl can be used in one of the > smtpd_*_restrictions sections. > http://www.postfix.org/postconf.5.h

Re: whitelist scoring in postscreen_dnsbl_sites=?

2016-04-01 Thread Noel Jones
On 4/1/2016 10:13 AM, jaso...@mail-central.com wrote: > I'm learning about whitelist scoring in postscreen_dnsbl_sites= ... > > One of the servers that's been shown to me has, instead > > postscreen_dnsbl_sites= >... BLACKLISTS ... >dw

Re: whitelist scoring in postscreen_dnsbl_sites=?

2016-04-01 Thread Wietse Venema
jaso...@mail-central.com: > (1) Does order matter in [postscreen_dnsbl_sites]? There is no "order": the lookups happen in parallel. The result is computed when all replies are received, or when the greet_wait time limit is reached. Wietse

whitelist scoring in postscreen_dnsbl_sites=?

2016-04-01 Thread jasonsu
I'm learning about whitelist scoring in postscreen_dnsbl_sites= /dev/rob0 mentioned using these postscreen_dnsbl_sites= ... BLACKLISTS ... swl.spamhaus.org*-4 list.dnswl.org=127.[0..255].[0..255].0*-2 list.dnswl.org=127.[0..255].[0..255]

Re: postscreen_dnsbl_sites load list to memory from external file

2014-06-24 Thread Wietse Venema
Uffe Jakobsen: > > On 2014-06-24 18:35, Wietse Venema wrote: > > > >> But it was not what I was looking for - because for various reasons the > >> userid that writes the dnsbl sites file has no permissions to write > >> main.cf nor reload postfix. > > > > Including data from a non-root account int

Re: postscreen_dnsbl_sites load list to memory from external file

2014-06-24 Thread Uffe Jakobsen
On 2014-06-24 18:35, Wietse Venema wrote: But it was not what I was looking for - because for various reasons the userid that writes the dnsbl sites file has no permissions to write main.cf nor reload postfix. Including data from a non-root account into main.cf is not supported. Anyone who

Re: postscreen_dnsbl_sites load list to memory from external file

2014-06-24 Thread li...@rhsoft.net
On 24.06.2014 18:41, Viktor Dukhovni wrote: > On Tue, Jun 24, 2014 at 12:35:15PM -0400, Wietse Venema wrote: >> Uffe Jakobsen: >>> Your installation or platform must be different from mine (FreeBSD) - I >>> have no Makefile, GNUmakefile or BSDmakefile in /usr/local/etc/postfix/ >>> config di

Re: postscreen_dnsbl_sites load list to memory from external file

2014-06-24 Thread Viktor Dukhovni
On Tue, Jun 24, 2014 at 12:35:15PM -0400, Wietse Venema wrote: > Uffe Jakobsen: > > Your installation or platform must be different from mine (FreeBSD) - I > > have no Makefile, GNUmakefile or BSDmakefile in /usr/local/etc/postfix/ > > config dir. > > The idea is that you to create that Makefil

Re: postscreen_dnsbl_sites load list to memory from external file

2014-06-24 Thread Wietse Venema
Uffe Jakobsen: > Your installation or platform must be different from mine (FreeBSD) - I > have no Makefile, GNUmakefile or BSDmakefile in /usr/local/etc/postfix/ > config dir. The idea is that you to create that Makefile. > But it was not what I was looking for - because for various reasons th

Re: postscreen_dnsbl_sites load list to memory from external file

2014-06-24 Thread Uffe Jakobsen
On 2014-06-24 18:06, Viktor Dukhovni wrote: On Tue, Jun 24, 2014 at 05:55:47PM +0200, Uffe Jakobsen wrote: Feature request: It would be nice if the "postscreen_dnsbl_sites" list could be loaded into memory (once - upon start/reload) from an external file - that doesn't seem

Re: postscreen_dnsbl_sites load list to memory from external file

2014-06-24 Thread Viktor Dukhovni
On Tue, Jun 24, 2014 at 05:55:47PM +0200, Uffe Jakobsen wrote: > Feature request: > > It would be nice if the "postscreen_dnsbl_sites" list could be loaded into > memory (once - upon start/reload) from an external file - that doesn't seem > to be possible right n

postscreen_dnsbl_sites load list to memory from external file

2014-06-24 Thread Uffe Jakobsen
Hi, Feature request: It would be nice if the "postscreen_dnsbl_sites" list could be loaded into memory (once - upon start/reload) from an external file - that doesn't seem to be possible right now - or am I wrong ? /Uffe

Re: postscreen postscreen_dnsbl_sites order

2013-09-18 Thread Marko Weber | ZBF
Hi Wietse, On 2013-09-04 23:45, wie...@porcupine.org wrote: Marko Weber | ZBF: hello postfix list, maybe an easy quest for you. when i use multiple rbls in 'postscreen_dnsbl_sites' Yes... postscreen_dnsbl_sites = 1.list.org anotherlist.org nsafools.org obamaisadra

Re: postscreen postscreen_dnsbl_sites order

2013-09-04 Thread Wietse Venema
Marko Weber | ZBF: > hello postfix list, > > maybe an easy quest for you. > when i use multiple rbls in 'postscreen_dnsbl_sites' Yes... > postscreen_dnsbl_sites = >1.list.org >anotherlist.org >nsafools.org >obamaisadrama.org

postscreen postscreen_dnsbl_sites order

2013-09-04 Thread Marko Weber | ZBF
hello postfix list, maybe an easy quest for you. when i use multiple rbls in 'postscreen_dnsbl_sites' postscreen_dnsbl_sites = 1.list.org anotherlist.org nsafools.org obamaisadrama.org at example. are the entries of 'postscreen_dnsbl_sites' used in order like list

Re: postscreen_dnsbl_sites

2013-05-07 Thread /dev/rob0
On Tue, May 07, 2013 at 01:03:51PM -0600, Robert Lopez wrote: > What is not clear to me in that description is the reason for > my original question > "Does it matter what the short name returned is; that is could > I use zen.spamhaus.org just to keep it shorter?" In my example: http://rob

Re: postscreen_dnsbl_sites

2013-05-07 Thread Wietse Venema
Robert Lopez: > On Mon, May 6, 2013 at 3:10 PM, Wietse Venema wrote: > > Robert Lopez: > >> Let me try again. I am assuming the link between a line in the > >> dndsbl_reply file and the main.cf file is only a label and it could be > >> anything. > >> Is that a wrong assumption? > > > > Please des

Re: postscreen_dnsbl_sites

2013-05-07 Thread Robert Lopez
On Mon, May 6, 2013 at 3:10 PM, Wietse Venema wrote: > Robert Lopez: >> Let me try again. I am assuming the link between a line in the >> dndsbl_reply file and the main.cf file is only a label and it could be >> anything. >> Is that a wrong assumption? > > Please describe what is not clear about

Re: postscreen_dnsbl_sites

2013-05-06 Thread /dev/rob0
On Sat, May 04, 2013 at 06:48:36AM -0500, I wrote: > On Fri, May 03, 2013 at 06:27:15PM -0600, Robert Lopez wrote: > > I had > > postscreen_dnsbl_sites = zen.dq.spamhaus.org > > This is right. Let me try again also! I presume your lookup is actually against key.zen.dq.spam

Re: postscreen_dnsbl_sites

2013-05-06 Thread Wietse Venema
Jan P. Kessler: > > > Is it possible that the key is being exposed not from the > > postscreen_dnsbl_sites line but from a line also in main.cf which says > > the following? > > smtpd_client_restrictions = reject_rbl_client > > .zen.dq.spamhaus.net Yes. Po

Re: postscreen_dnsbl_sites

2013-05-06 Thread Jan P. Kessler
> Is it possible that the key is being exposed not from the > postscreen_dnsbl_sites line but from a line also in main.cf which says > the following? > smtpd_client_restrictions = reject_rbl_client .zen.dq.spamhaus.net Use rbl_reply_maps and a text without $rbl_domain: http://www

Re: postscreen_dnsbl_sites

2013-05-06 Thread Wietse Venema
Robert Lopez: > Let me try again. I am assuming the link between a line in the > dndsbl_reply file and the main.cf file is only a label and it could be > anything. > Is that a wrong assumption? Please describe what is not clear about the following text: postscreen_dnsbl_reply_map (default: empty

Re: postscreen_dnsbl_sites

2013-05-06 Thread Robert Lopez
being hidden): .zen.dq.spamhaus.net h.spamhaus.net In the main.cf file I have this line: postscreen_dnsbl_sites = h.spamhaus.net*1 I am assuming the h.spamhaus.net in main.cf is being rewritten to .zen.dq.spamhaus.net when postscreen uses the dnsbl. What I am seeing in testing is my gateway is

Re: postscreen_dnsbl_sites

2013-05-04 Thread /dev/rob0
Please disable HTML when posting to mailing lists. On Fri, May 03, 2013 at 06:27:15PM -0600, Robert Lopez wrote: > I had > postscreen_dnsbl_sites = zen.dq.spamhaus.org This is right. > and > postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply > in main.cf

Re: postscreen_dnsbl_sites

2013-05-03 Thread Robert Lopez
I had postscreen_dnsbl_sites = zen.dq.spamhaus.org and postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply in main.cf and I had .zen.dq.spamhaus.net<http://the-authorization-key-was-here.zen.dq.spamhaus.net> zen.dq.spamhaus.org in the /etc/postfix/dnsbl_reply file. One of many

Re: postscreen_dnsbl_sites

2013-05-03 Thread Jeroen Geilman
On 5/3/2013 9:33 PM, Robert Lopez wrote: If in /etc/postfix/dnsbl_reply file there is a line: the-authorization-key-was-here.zen.dq.spamhaus.net zen.dq.spamhaus.org And in main.cf there

postscreen_dnsbl_sites

2013-05-03 Thread Robert Lopez
If in /etc/postfix/dnsbl_reply file there is a line: the-authorization-key-was-here.zen.dq.spamhaus.net zen.dq.spamhaus.org And in main.cf there is the line: postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply Should the line in main.cf for "postscreen_dnsbl_sites = " use the long

Re: postscreen_dnsbl_sites vs. reject_rbl_client

2011-06-08 Thread Wietse Venema
Rich Wales: > Another thing I think I see about postscreen is that it apparently will only > look up IP addresses. There doesn't seem to be any "postscreen_rhsbl_sites" > feature (which might allow me to move my current reject_rhsbl_client and > permit_rhswl_client checks into postscreen). Is suc

Re: postscreen_dnsbl_sites vs. reject_rbl_client

2011-06-08 Thread /dev/rob0
On Wed, Jun 08, 2011 at 10:05:05AM -0700, Rich Wales wrote: > Another thing I think I see about postscreen is that it apparently > will only look up IP addresses. There doesn't seem to be any > "postscreen_rhsbl_sites" feature (which might allow me to move my > current reject_rhsbl_client and p

Re: postscreen_dnsbl_sites vs. reject_rbl_client

2011-06-08 Thread Noel Jones
On 6/8/2011 12:05 PM, Rich Wales wrote: Another thing I think I see about postscreen is that it apparently will only look up IP addresses. There doesn't seem to be any "postscreen_rhsbl_sites" feature (which might allow me to move my current reject_rhsbl_client and permit_rhswl_client checks int

Re: postscreen_dnsbl_sites vs. reject_rbl_client

2011-06-08 Thread Rich Wales
Another thing I think I see about postscreen is that it apparently will only look up IP addresses. There doesn't seem to be any "postscreen_rhsbl_sites" feature (which might allow me to move my current reject_rhsbl_client and permit_rhswl_client checks into postscreen). Is such a thing planned, n

Re: postscreen_dnsbl_sites vs. reject_rbl_client

2011-06-07 Thread Victor Duchovni
On Tue, Jun 07, 2011 at 07:03:34AM -0400, Wietse Venema wrote: > Note the following difference. > > postscreen caches that the client IS NOT listed in DNSBL. > It doesn't cache clients that are listed. > > DNS servers cache that the client IS listed in DNSBL. > They don't cache non-existent DNS

Re: postscreen_dnsbl_sites vs. reject_rbl_client

2011-06-07 Thread Wietse Venema
Rich Wales: > > Note that postscreen caches the results of successful tests, > > so that it does not repeat every test for every connection. > > This is controlled by the postscreen_mumble_ttl parameters. > > Some caching may also be done by my DNS server too, right? This would, > of course, be t

Re: postscreen_dnsbl_sites vs. reject_rbl_client

2011-06-07 Thread Ralf Hildebrandt
* Rich Wales : > value from a given list. (I won't go into the details, they would be > off-topic here, but it's nice to have this capability.) It will probably start a flamewar, but I personally am interested in your particular weights on the different RBLs -- Ralf Hildebrandt Geschäftsbere

Re: postscreen_dnsbl_sites vs. reject_rbl_client

2011-06-07 Thread Ralf Hildebrandt
* Rich Wales : > If I enable postscreen and specify my choice of blocklists and whitelists > in postscreen_dnsbl_sites, am I correct in assuming that I might as well > remove any reject_rbl_client and permit_dnswl_client clauses from my > smtpd_*_restrictions, since they will now

Re: postscreen_dnsbl_sites vs. reject_rbl_client

2011-06-06 Thread Wietse Venema
s would, > of course, be transparent to Postfix and would depend on the TTL info > from the whitelist / blocklist. > > It appears, based on my server's logs, that postscreen always queries > every site I name in postscreen_dnsbl_sites -- subject, of course, to > caching by my

Re: postscreen_dnsbl_sites vs. reject_rbl_client

2011-06-06 Thread Rich Wales
o Postfix and would depend on the TTL info from the whitelist / blocklist. It appears, based on my server's logs, that postscreen always queries every site I name in postscreen_dnsbl_sites -- subject, of course, to caching by my DNS server and by postscreen's own TTL settings. I'd th

Re: postscreen_dnsbl_sites vs. reject_rbl_client

2011-06-06 Thread Wietse Venema
Rich Wales: > If I enable postscreen and specify my choice of blocklists and whitelists > in postscreen_dnsbl_sites, am I correct in assuming that I might as well > remove any reject_rbl_client and permit_dnswl_client clauses from my > smtpd_*_restrictions, since they will now

Re: postscreen_dnsbl_sites vs. reject_rbl_client

2011-06-06 Thread Rich Wales
> On the interfaces and ports that postscreen(8) passes mail to, yes. > Do note that the behaviour is different; you will be able to directly > transplant your reject_rbl_client RBLs to postscreen, but postscreen > has many more options available, such as checking for exact return > values, and sco

Re: postscreen_dnsbl_sites vs. reject_rbl_client

2011-06-06 Thread Noel Jones
On 6/6/2011 5:34 PM, Jeroen Geilman wrote: On 06/06/2011 10:45 PM, Rich Wales wrote: If I enable postscreen and specify my choice of blocklists and whitelists in postscreen_dnsbl_sites, am I correct in assuming that I might as well remove any reject_rbl_client and permit_dnswl_client clauses

Re: postscreen_dnsbl_sites vs. reject_rbl_client

2011-06-06 Thread Jeroen Geilman
On 06/06/2011 10:45 PM, Rich Wales wrote: If I enable postscreen and specify my choice of blocklists and whitelists in postscreen_dnsbl_sites, am I correct in assuming that I might as well remove any reject_rbl_client and permit_dnswl_client clauses from my smtpd_*_restrictions, since they will

postscreen_dnsbl_sites vs. reject_rbl_client

2011-06-06 Thread Rich Wales
If I enable postscreen and specify my choice of blocklists and whitelists in postscreen_dnsbl_sites, am I correct in assuming that I might as well remove any reject_rbl_client and permit_dnswl_client clauses from my smtpd_*_restrictions, since they will now be redundant? Rich Wales ri

Re: postscreen_dnsbl_sites filter syntax?

2011-01-18 Thread Wietse Venema
Wietse Venema: > > * Wietse Venema : > > > Victor Duchovni: > > > > On Tue, Jan 18, 2011 at 03:56:45PM -0500, Wietse Venema wrote: > > > > > > > > > Something along the lines of: > > > > > > > > > > /* > > > > > * Workaround. The "," was already in use as dnsbl list separator. > > > > >

Re: postscreen_dnsbl_sites filter syntax?

2011-01-18 Thread Wietse Venema
Patrick Ben Koetter: > * Wietse Venema : > > Victor Duchovni: > > > On Tue, Jan 18, 2011 at 03:56:45PM -0500, Wietse Venema wrote: > > > > > > > Something along the lines of: > > > > > > > > /* > > > > * Workaround. The "," was already in use as dnsbl list separator. > > > > */ > >

Re: postscreen_dnsbl_sites filter syntax?

2011-01-18 Thread Patrick Ben Koetter
* Patrick Ben Koetter : > * Wietse Venema : > > Victor Duchovni: > > > On Tue, Jan 18, 2011 at 03:56:45PM -0500, Wietse Venema wrote: > > > > > > > Something along the lines of: > > > > > > > > /* > > > > * Workaround. The "," was already in use as dnsbl list separator. > > > > */ >

Re: postscreen_dnsbl_sites filter syntax?

2011-01-18 Thread Victor Duchovni
On Tue, Jan 18, 2011 at 04:08:12PM -0500, Wietse Venema wrote: > But having "," inside an access control feature it is likely to > break third-party tools that maintain Postfix configuration files. > > The alternative is to [modify] the address filter syntax, and to > replace "," by a different s

Re: postscreen_dnsbl_sites filter syntax?

2011-01-18 Thread Patrick Ben Koetter
* Wietse Venema : > Victor Duchovni: > > On Tue, Jan 18, 2011 at 03:56:45PM -0500, Wietse Venema wrote: > > > > > Something along the lines of: > > > > > > /* > > > * Workaround. The "," was already in use as dnsbl list separator. > > > */ > > > for (keep = 0, cp = var_psc_dnsbl

Re: postscreen_dnsbl_sites filter syntax?

2011-01-18 Thread Wietse Venema
Victor Duchovni: > On Tue, Jan 18, 2011 at 03:56:45PM -0500, Wietse Venema wrote: > > > Something along the lines of: > > > > /* > > * Workaround. The "," was already in use as dnsbl list separator. > > */ > > for (keep = 0, cp = var_psc_dnsbl_sites; *cp; cp++) { > > if

Re: postscreen_dnsbl_sites filter syntax?

2011-01-18 Thread Victor Duchovni
On Tue, Jan 18, 2011 at 03:56:45PM -0500, Wietse Venema wrote: > Something along the lines of: > > /* > * Workaround. The "," was already in use as dnsbl list separator. > */ > for (keep = 0, cp = var_psc_dnsbl_sites; *cp; cp++) { > if (*cp == '[') { > keep++

Re: postscreen_dnsbl_sites filter syntax?

2011-01-18 Thread Wietse Venema
Victor Duchovni: > On Tue, Jan 18, 2011 at 03:36:12PM -0500, Victor Duchovni wrote: > > > On Tue, Jan 18, 2011 at 09:19:50PM +0100, Mark Martinec wrote: > > > > > $ postconf postscreen_dnsbl_sites > > > postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2

Re: postscreen_dnsbl_sites filter syntax?

2011-01-18 Thread Victor Duchovni
On Tue, Jan 18, 2011 at 03:36:12PM -0500, Victor Duchovni wrote: > On Tue, Jan 18, 2011 at 09:19:50PM +0100, Mark Martinec wrote: > > > $ postconf postscreen_dnsbl_sites > > postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2,3,4..8,10..11] > > > > postfix/posts

Re: postscreen_dnsbl_sites filter syntax?

2011-01-18 Thread Noel Jones
On 1/18/2011 2:46 PM, Wietse Venema wrote: Mark Martinec: I must be doing something silly, but I can't see my mistake. $ postconf postscreen_dnsbl_sites postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2,3,4..8,10..11] postfix/postscreen[26161]: fatal: bad DNSBL filter syntax: need &

Re: postscreen_dnsbl_sites filter syntax?

2011-01-18 Thread Wietse Venema
Mark Martinec: > I must be doing something silly, but I can't see my mistake. > > $ postconf postscreen_dnsbl_sites > postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2,3,4..8,10..11] > > postfix/postscreen[26161]: fatal: bad DNSBL filter syntax: need ","

Re: postscreen_dnsbl_sites filter syntax?

2011-01-18 Thread Victor Duchovni
On Tue, Jan 18, 2011 at 09:19:50PM +0100, Mark Martinec wrote: > $ postconf postscreen_dnsbl_sites > postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2,3,4..8,10..11] > > postfix/postscreen[26161]: fatal: bad DNSBL filter syntax: need "," or "]" at > &quo

postscreen_dnsbl_sites filter syntax?

2011-01-18 Thread Mark Martinec
I must be doing something silly, but I can't see my mistake. $ postconf postscreen_dnsbl_sites postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2,3,4..8,10..11] postfix/postscreen[26161]: fatal: bad DNSBL filter syntax: need "," or "]" at "127.0.0.[2><"