Uffe Jakobsen: > > On 2014-06-24 18:35, Wietse Venema wrote: > > > >> But it was not was I was looking for - because for various reasons the > >> userid that writes the dnsbl sites file has no permissions to write > >> main.cf nor realod postfix. > > > > Including data from an non-root account into main.cf is not supported. > > Anyone who can change main.cf can also elevate privileges to root. > > Agree - I did never mean to suggest to include any file (externally > owned, potentially unsafe or not) into main.cf. > > What I was suggesting was that main.cf should instruct postfix to fetch > the dnsbl list from an external file - in my mind this is not the same > as to include anothoer file into main.cf
The lists of DNSBL/DNSWL sites in postscreen_dsbl_sites is not supposed to change all the time. It is supposed to be a limited number of sites that you trust. Postscreen performance depends on the slowest DNSBL service. Wietse