Re: home server for email box
On 2023-03-11 05:39:20 +0800, Jeremy Ardley wrote:
> Sort of off topic. I've given up entirely on rbl. Every commented out option
> has had some type of intermittent failure resulting in lost or delayed valid
> incoming mail.
>
> I now put up with a tiny fraction of spam that's managed well enough by
> spamassassin and postscreen
>
> smtpd_recipient_restrictions =
> permit_sasl_authenticated
> permit_mynetworks
> reject_unauth_destination
> reject_invalid_hostname
> reject_non_fqdn_hostname
> reject_non_fqdn_sender
> reject_non_fqdn_recipient
> reject_unknown_sender_domain
> # reject_rbl_client cbl.abuseat.org
> # reject_rbl_client dnsbl-1.uceprotect.net
> # reject_rbl_client dnsbl.sorbs.net
> # reject_rbl_client spam.spamrats.com
> # reject_rbl_client dyna.spamrats.com
> # reject_rbl_client noptr.spamrats.com
> # reject_rbl_client bl.spamcop.net
> # reject_rbl_client dnsbl.sorbs.net
> # reject_rbl_client sbl.spamhaus.org
> # reject_rhsbl_helo dbl.spamhaus.org
> # reject_rhsbl_reverse_client dbl.spamhaus.org
> # reject_rhsbl_sender dbl.spamhaus.org
>
> # reject_rbl_client cbl.abuseat.org
Why not use postscreen for RBLs?
FYI, I've been using the following for quite a long time:
postscreen_blacklist_action = enforce
postscreen_greet_action = enforce
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[0..255]*3
b.barracudacentral.org*2
bl.spameatingmonkey.net
dnsbl.ahbl.org
bl.spamcop.net
swl.spamhaus.org*-4
list.dnswl.org=127.[0..255].[0..255].0*-2
list.dnswl.org=127.[0..255].[0..255].1*-3
list.dnswl.org=127.[0..255].[0..255].[2..255]*-4
postscreen_dnsbl_threshold = 3
IIRC, this more or less comes from the postfix-users mailing-list.
--
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
Reply to: