On 2/11/2013 10:13 AM, Nikolaos Milas wrote: > Hello, > > I am using Postfix 2.9.4 on CentOS 6.3 as a gateway server with the > following postscreen settings: > > postscreen_dnsbl_threshold = 2 > postscreen_dnsbl_sites = > b.barracudacentral.org*2, > zen.spamhaus.org*2, > psbl.surriel.com*2 > postscreen_dnsbl_action = enforce > postscreen_greet_action = enforce > > Sometimes I receive complaints from some mail server operators that > barracudacentral causes blocks of mail from their server, and "Very > few email providers use Barracuda for their RBL's, so it is not an > RBL we check very often or rely on". > > I remember that, when I had set up this gateway server, I had > researched and found that barracudacentral should be OK. > > My questions now are: > > * Based on your experience and advice, should I keep the above > postscreen settings? Any suggestions?
There is no one-size-fits-all, so do what fits at your site. What some folks do is weigh barracuda*1 and a few other dnsbl's such as bl.spamcop.net, bl.spameatingmonkey.net, fresh.spameatingmonkey.net, hostkarma.junkemailfilter.com=127.0.0.2, or ix.dnsbl.manitu.net, all scored at one. That way multiple less-trusted dnsbl's must list a site to reject their mail. Opinions on which dnsbls are safe to block on their own vary greatly. Adjust the postscreen scores as you see fit. > * Should I avoid postscreen_dnsbl_sites and only use amavis to make > decisions through scoring? How are you implementing such blocks? Use the scoring built into postscreen. You may occasionally need to use the whitelisting built into postscreen, too. > > Thanks in advance, > Nick -- Noel Jones
