On Fri, 2014-08-29 at 02:15 +0200, Reindl Harald wrote:
> look at the attached zp-archive [...]

Since I already had a closer look at the contents including your local
cf, and I am here to offer help and didn't mean no harm, some comments
regarding the SA config.


> # resolves a bug with milter always triggering a wrong informational header
> score UNPARSEABLE_RELAY 0

See the RH bug you filed and its upstream report. Do you still need
that? This would be the first instance of continued triggering of that
test I ever encountered.


> # disable most builtin DNSBL/DNSWL to not collide with webinterface settings
> score __RCVD_IN_SORBS 0
> score __RCVD_IN_ZEN 0
> score __RCVD_IN_DNSWL 0

Rules starting with double-underline are non-scoring sub-rules.
Assigning a zero score doesn't disable them like it does with regular
rules. In the case of RBL sub-rules like the above, it does not prevent
DNS queries. It is better to

  meta __FOO 0

overwrite the sub-rule, rather than set a score that doesn't exist.


> # unconditional sender whitelists
> whitelist_from *@apache.org
> whitelist_from *@bipa.co.at
> whitelist_from *@centos.org
> whitelist_from *@dovecot.org
  [...]

Unconditional whitelisting generally is a bad idea and might appear in
forged addresses.

If possible, it is strongly suggested to use whitelist_from_auth, or at
least whitelist_from_rcvd (which requires *_networks be set correctly).


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
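
The two config pitfalls raised in the reply above (a score assigned to a double-underscore sub-rule, and unconditional whitelist_from entries) can be checked mechanically. This is an added example, not part of the original mail or of SpamAssassin; the function name, finding labels and sample config are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the directives quoted in the mail above;
# it is not the poster's actual local.cf.
SAMPLE_CF = """\
# resolves a bug with milter
score UNPARSEABLE_RELAY 0
score __RCVD_IN_ZEN 0
meta __RCVD_IN_SORBS 0
whitelist_from *@apache.org *@bipa.co.at
whitelist_from_auth *@centos.org
whitelist_from_rcvd *@dovecot.org dovecot.org
"""

COMMENT_RE = re.compile(r"(?<!\\)#.*")           # '#' starts a comment unless escaped
SCORE_RE = re.compile(r"^score\s+(__\S+)\s+\S")  # score assigned to a '__' sub-rule
WL_RE = re.compile(r"^whitelist_from\s+(.+)$")   # \s+ excludes the _auth/_rcvd variants


def lint_local_cf(text):
    """Return (line_number, finding, subject) tuples (hypothetical helper)."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = COMMENT_RE.sub("", raw).strip()
        m = SCORE_RE.match(line)
        if m:
            # A score on a sub-rule does not switch it off; the mail
            # suggests overwriting it with "meta NAME 0" instead.
            findings.append((lineno, "subrule-score", m.group(1)))
            continue
        m = WL_RE.match(line)
        if m:
            # One finding per address: each is accepted on the sender
            # address alone, which the mail notes can be forged.
            for addr in m.group(1).split():
                findings.append((lineno, "unconditional-whitelist", addr))
    return findings


if __name__ == "__main__":
    for lineno, kind, subject in lint_local_cf(SAMPLE_CF):
        print(f"line {lineno}: {kind}: {subject}")
```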
