Hello,
I manage a small mail server and have been using Spamcop as a DNSBL’s via
postscreen:
/etc/postfix/main.cf
postscreen_dnsbl_sites = bl.spamcop.net
postscreen_dnsbl_action = drop
After reading RFC 5782 “DNS Blacklists and Whitelists”, I decided to add some
more
DNSBL’s and specify filters and weighting. While looking at various samples of
main.cf
using DNSBL’s, I came back to an old question - where should I implement DNSBL
restrictions ?
On this list I seem to recall that using a DNSBL via postscreen is discouraged.
Many examples
place a DNSBL entry in smtpd_recipient_restrictions:
/etc/postfix/main.cf
. . .
smtpd_recipient_restrictions = . . . reject_rbl_client bl.spamcop.net
<http://bl.spamcop.net/>
However, isn’t it better to place this in postscreen, as a SMTP transaction
will not be started
when a spammer listed on the DNSBL connects ? Or are smtpd restrictions
preferred
as there is more metadata about the mail transaction which I can check to see
if a false
positive listing on a DNSBL has taken place ?
This confuses me as whether I place a DNSBL in postscreen or SMTP restrictions,
in both
cases the message is blocked. What are the advantages of placing in SMTP
restrictions ?
Thanks,
- J
