On 6/6/2011 5:34 PM, Jeroen Geilman wrote:
On 06/06/2011 10:45 PM, Rich Wales wrote:
If I enable postscreen and specify my choice of blocklists and whitelists in postscreen_dnsbl_sites, am I correct in assuming that I might as well remove any reject_rbl_client and permit_dnswl_client clauses from my smtpd_*_restrictions, since they will now be redundant?

On the interfaces and ports that postscreen(8) passes mail to, yes.

If you have a dedicated submission port, this is not affected by postscreen running on port 25.

Do note that the behaviour is different; you will be able to directly transplant your reject_rbl_client RBLs to postscreen, but postscreen has many more options available, such as checking for exact return values, and scoring different RBLs with separate weight values.




The reject_rbl_client (and various relations) smtpd restrictions can also check for exact values (postfix 2.1 and newer), or for ranges (postfix 2.8 and newer, same range syntax as postscreen). The weighted scores are unique to postscreen.
http://www.postfix.org/postconf.5.html#reject_rbl_client

The other difference is that postscreen caches a "pass" dnsbl result for $postscreen_dnsbl_ttl (default 1h). Some sites may prefer to lower the cache TTL or do the tests in smtpd to quickly catch previously good clients gone bad, or to increase the TTL to reduce DNS lookups and latency.
http://www.postfix.org/postconf.5.html#postscreen_dnsbl_ttl


  -- Noel Jones
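
The migration discussed in this thread, sketched as a main.cf fragment. This is an added example, not part of any message above. It assumes postscreen is already enabled on port 25 in master.cf; the list names under example.org are placeholders, and the weights, threshold and TTL are illustrative values.

```ini
# /etc/postfix/main.cf (constructed example)
# dnsbl.example.org, dnsbl2.example.org and dnswl.example.org are
# placeholder list names; substitute the lists you actually use.

# Before: DNSBL/DNSWL lookups done by smtpd for every client.
# The =127.0.0.[2..11] range filter needs Postfix 2.8 or newer.
#smtpd_client_restrictions =
#    permit_dnswl_client dnswl.example.org,
#    reject_rbl_client dnsbl.example.org=127.0.0.[2..11]

# After: the same lists in postscreen, each entry written as
# domain=filter*weight. An entry without "=filter" matches any
# non-error reply; an entry without "*weight" counts as 1.
postscreen_dnsbl_sites =
    dnsbl.example.org=127.0.0.[2..11]*2,
    dnsbl2.example.org*1,
    dnswl.example.org=127.0.[0..255].[1..3]*-2

# A client is treated as listed once its summed weights reach this
# score. The negative whitelist weight can offset a blocklist hit.
postscreen_dnsbl_threshold = 2

# The default action is "ignore"; nothing is rejected until this is
# set to enforce or drop.
postscreen_dnsbl_action = enforce

# Lifetime of a cached "pass" DNSBL result (default 1h). A shorter
# value re-checks previously good clients sooner, at the cost of
# more DNS lookups and latency.
postscreen_dnsbl_ttl = 15m
```

Any submission service keeps its own smtpd restrictions, since postscreen only fronts the port 25 listener.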
