postfix has a new whitelist feature in 2.11. A main.cf config like this: postscreen_greet_action = enforce postscreen_pipelining_enable = yes postscreen_pipelining_action = enforce postscreen_non_smtp_command_enable = yes postscreen_non_smtp_command_action = enforce postscreen_bare_newline_enable = yes postscreen_bare_newline_action = enforce postscreen_dnsbl_sites = zen.spamhaus.org list.dnswl.org*-1 postscreen_dnsbl_whitelist_threshold = -1
means you're using a blacklist (zen.spamhaus.org), whitelist (list.dnswl.org), and greylisting everything else. I'm not getting spam anymore and I don't think I'm rejecting legitimate mail either. I was having a problem with the 450 greylisting response causing permanent bounces with mail servers that don't retry (comcast.net for example) but the whitelist has fixed it and most mail is delivered a lot faster since it doesn't have to retry. - Grant
