Wietse Venema wrote: > As long as the SMTP session still exists, the client may still make > a mistake, and postscreen will not whitelist it.
Thanks for the explanation. I am surprised that Amazon's mailservers are so stupid. > Don't use deep protocol tests if they cause problems. These tests > are off by default for a good reason. Sigh. Without the deep protocol tests (and the implicit greylisting), my systems are inundated with spam. We find that spamassassin is missing far too many spam messages. With the deep protocol tests enabled, our spam has been reduced to almost zero. So I don't think turning them off is a realistic option for us. Thanks for implementing this feature; it really helps. If we don't use the deep protocol tests, we would probably have to use something like milter-greylist. Perhaps that might give a better outcome, but it is much more complicated to configure. If anybody is successfully using postfix with milter-greylist, configuration pointers would be appreciated. I have considered greylisting only messages that do not pass DMARC tests, but since the spammers are already sending messages that pass SPF and DKIM, I imagine it's only a matter of time before they set up DMARC records. For now, the expanded whitelist usage in postscreen_dnsbl_sites seems to work. Thanks, Andy