Ah, thanks for describing that. I am somewhat more brain fogged than
usual this morning, so am uncertain any of those would work in this
configuration. But I certainly need to look deeper. At least into my
coffee mug.
This is a low volume system consisting of postfix, SA, clamav and
fetchmail.
The mailserver (postfix) is not exposed to the internet, mail traffic is
sent to it by "fetchmail", which itself goes out to several providers
where mail accounts reside.
My first thought was, the postfix stuff would work, because . . . then I
realized, I've not looked at those solutions for some time, if ever. So,
I should stop here and look them over.
However, any real world "we did that" exists, please let me know.
joe a.
On 8/13/2022 9:52 AM, Bert Van de Poel wrote:
I think what Noel is referring to is Postfix configuration like this for
example:
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client
zen.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org,
reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender
dbl.spamhaus.org, reject_non_fqdn_recipient,
reject_unknown_recipient_domain
Notice the spamhaus links for different blocklist settings.
On 13/08/2022 15:38, joe a wrote:
On 8/12/2022 11:43 PM, Noel Butler wrote:
Why are you not blocking with blacklists at the border, ie: MTA.
I'm not familiar with how to do that or if it can be done. Since SA
offers this functionality, so did not even consider that. I'll look
into it.
Given its 0 resources for your MTA, with anti spam checking on SA
often using significant resources (depending on traffic/number of
tests/rules etc), its best to stop it getting to SA in the first place.
SA also has this by-default list of domains that it never checks, for
along time I have disagreed with this, we are the ones to decide who
gets whitelisted not SA, not some paid third party, the option
clear_uridnsbl_skip_domain however prevents this, but then you have
to locate and 0 all the general rulesets scores that are whitelists
as well.
The configuration/usage of those lists causes me great frustration.
Semi retirement and infrequent "tech stuff" may be partly to blame.
