Hello, I manage a small mail server and have been using Spamcop as a DNSBL’s via postscreen:
/etc/postfix/main.cf postscreen_dnsbl_sites = bl.spamcop.net postscreen_dnsbl_action = drop After reading RFC 5782 “DNS Blacklists and Whitelists”, I decided to add some more DNSBL’s and specify filters and weighting. While looking at various samples of main.cf using DNSBL’s, I came back to an old question - where should I implement DNSBL restrictions ? On this list I seem to recall that using a DNSBL via postscreen is discouraged. Many examples place a DNSBL entry in smtpd_recipient_restrictions: /etc/postfix/main.cf . . . smtpd_recipient_restrictions = . . . reject_rbl_client bl.spamcop.net <http://bl.spamcop.net/> However, isn’t it better to place this in postscreen, as a SMTP transaction will not be started when a spammer listed on the DNSBL connects ? Or are smtpd restrictions preferred as there is more metadata about the mail transaction which I can check to see if a false positive listing on a DNSBL has taken place ? This confuses me as whether I place a DNSBL in postscreen or SMTP restrictions, in both cases the message is blocked. What are the advantages of placing in SMTP restrictions ? Thanks, - J