Am 30.09.2014 um 02:40 schrieb Lorenzo Thurman: > I looked at those emails again and tried to resolve the sender’s addresses > (dig -x z.z.z.z). They don’t resolve to > valid hostnames, which means they should even reach SA. Postfix should reject > them outright. I’ve changed a couple > of postfix’s reject_rbl_client settings, put a tail on its log and now I see > many emails being rejected outright. > So I’ll take this to the postfix lists. These are the changes I made: > > old > sbl.spamhaus.org > sbl-xbl.spamhaus.org > > new > reject_rbl_client zen.spamhaus.ord > reject_rbl_client dns.sorbd.net
reject_unknown_sender_domain reject_unknown_reverse_client_hostname BTW: you should not use "reject_rbl_client" - postscreen supports weights with different RBLs and so adding more but not let a single alone block because each time you add a unconditional RBL you multiply the possibility of false positives http://www.postfix.org/POSTSCREEN_README.html postscreen_cache_retention_time = 7d postscreen_bare_newline_ttl = 7d postscreen_greet_ttl = 7d postscreen_non_smtp_command_ttl = 7d postscreen_pipelining_ttl = 7d postscreen_dnsbl_ttl = 10m postscreen_dnsbl_threshold = 8 postscreen_dnsbl_action = enforce postscreen_greet_action = enforce postscreen_greet_wait = ${stress?2}${stress:10}s postscreen_dnsbl_sites = dnsbl.sorbs.net=127.0.0.10*8 zen.spamhaus.org=127.0.0.[10;11]*8 b.barracudacentral.org*7 dnsbl.inps.de*7 dnsbl.sorbs.net=127.0.0.5*6 zen.spamhaus.org=127.0.0.[4..7]*6 bl.mailspike.net*4 bl.spamcop.net*4 bl.spameatingmonkey.net*4 zen.spamhaus.org=127.0.0.3*4 dnsrbl.swinog.ch*4 zen.spamhaus.org=127.0.0.2*3 dnsbl.sorbs.net=127.0.0.7*3 dnsbl.sorbs.net=127.0.0.8*2 dnsbl.sorbs.net=127.0.0.6*2 dnsbl.sorbs.net=127.0.0.9*2 list.dnswl.org=127.0.[0..255].0*-2 list.dnswl.org=127.0.[0..255].1*-3 list.dnswl.org=127.0.[0..255].2*-4 list.dnswl.org=127.0.[0..255].3*-5
signature.asc
Description: OpenPGP digital signature
