Am 25.08.2014 um 20:41 schrieb Matus UHLAR - fantomas: >>>> Given (a) you disabled RBL checks in SA > > On 25.08.14 19:06, Reindl Harald wrote: >> the reason for that is that postfix in front already does a damned >> good job with RBL's > > since SA uses deep header scanning in many times, which postfix does not > (afaik), it's always better to NOT disable RBL's as SA level.
coming from Barracuda Networks devices where "deep header inspection" was the root of all evil like breaking PTR checks >> and especially uses internal whitelists (rbldnsd) >> and a honeypot RBL and what i want to avoid is that that SA beats >> out the whitelists > > ...and SA can use whitelists too i am still about dig in the oppurtunities and did not found something to specify used whitelists and blacklists and what is most important to reflect the postscreen setup weight them different if the is some doc which i did not found by "spamassassin whitelist" and "spamassassin RBL" i would be grateful for a link! >> - i replay the data of the internal ones to >> "local.conf" into "trusted_networks" because until now i did not >> find a way to reflect the postscreen scoring below in SA > > putting IPS/ranges into trusted_networks is NOT whitelisting. > It just pushes RBL checking to next headers. as said - i need to control the RBL/DNSWL sources and be happy since it would take away the additional work replay database content feeding the RBL daemon instead just point to the existing DNSWL/DNSBL lists there is a reason why that machine don't serve in public for now and for having first touch spamassassin two weeks ago that all looks not too bad but has for sure improvements > you have done "good" job by preventing SA from hitting rules and increasing > score, and now you are complaining about low scores... silly you misunderstood me - whatever i did before and how the config looks like is not the problem - i was alerted by the dramatic change after sa-update last night wwith no other changes
signature.asc
Description: OpenPGP digital signature
