On 2023-11-02 at 04:49:37 UTC-0400 (Thu, 02 Nov 2023 10:49:37 +0200) Ivan Ionut via Postfix-users <ivan.io...@tehnopol-gl.ro> is rumored to have said:
Hi, it's possible that postscreen does not block the email when postscreen_dnsbl_threshold is reached but to pass that email to spamassassin(with a score and a tag).
No, postscreen is designed to be extremely lightweight and has no mechanism to 'pass' anything other than the active connection to a real smtpd process. It is intended to only catch the sorts of spambots that can be positively identified by bad behavior or *targeted* DNSBLs. If you have postscreen configured in a way that catches legitimate mail systems, you are misusing it.
With that said, it is possible to set postscreen_blacklist_action to 'ignore' and have other tools like SA work with the same DNSBLs later in the transaction with more subtlety. Note that if you are running a local recursive caching DNS resolver (AS ANY MTA SHOULD) it is essentially free to "re-check" DNSBLs that postscreen has queried earlier, as the answers will be cached. This would effectively front-load the inherent delay of making DNSBL checks.
-- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
