Uffe Jakobsen:
>
> On 2014-06-24 18:35, Wietse Venema wrote:
> >
> >> But it was not was I was looking for - because for various reasons the
> >> userid that writes the dnsbl sites file has no permissions to write
> >> main.cf nor realod postfix.
> >
> > Including data from an non-root account into main.cf is not supported.
> > Anyone who can change main.cf can also elevate privileges to root.
>
> Agree - I did never mean to suggest to include any file (externally
> owned, potentially unsafe or not) into main.cf.
>
> What I was suggesting was that main.cf should instruct postfix to fetch
> the dnsbl list from an external file - in my mind this is not the same
> as to include anothoer file into main.cf
The lists of DNSBL/DNSWL sites in postscreen_dsbl_sites is not
supposed to change all the time. It is supposed to be a limited
number of sites that you trust. Postscreen performance depends on
the slowest DNSBL service.
Wietse
