On Thu, Feb 03, 2011 at 03:31:07PM +0100, Frank Bonnet wrote:
> Just few words to say how postscreen is great !
>
> Thanks for that !!!
Indeed, but I'd like to add some content to this thread and ask the
list as a whole:
1. What are you using for dnsbl sites and threshold?
2. Have you enabled deep protocol tests, and if so, is it as
painful as greylisting?
Mine's still in testing mode, but I'm impressed with results thus
far. I've got these:
postscreen_dnsbl_sites =
zen.spamhaus.org*3
b.barracudacentral.org*2
dnsbl.njabl.org*2
bl.spameatingmonkey.net*2
bl.spamcop.net
dnsbl.sorbs.net
dnsbl.ahbl.org
postscreen_dnsbl_threshold = 3
PREGREET is detected in lots of cases, which pretty much always end
up in smtpd rejections for bad HELO. And the weighted DNSBL lookups
appear to be more effective than, and probably as safe as, Zen used
alone.
The only drawback, which is minor from our point of view, but maybe
major for the DNSBL operators, is that every connection means a hit
on every DNSBL. Many of those were being blocked without any DNS
lookups at all, such as the non-FQDN or non-alpha HELO.
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
