Viktor Dukhovni:
> > On Nov 1, 2018, at 11:30 AM, Bill Cole 
> > <postfixlists-070...@billmail.scconsult.com> wrote:
> > 
> > I intend to experiment with postscreen on 587 on the next Postfix
> > system I work with where compromised accounts are a problem.
> 
> Don't waste your time.  Postscreen cannot help you with this.
> Postscreen maintains dynamic IP-address whitelists/blacklists,
> which are of little use in submission, because submission users
> routinely use dynamic IP addresses.
> 
> Also MUAs are interactive, and users are not terribly fond of
> having their mail submission temporarily rejected and having
> to try again later.  Postscreen never accepts a message on
> the first try when the IP address is not already whitelisted.

That depends. I don't use 'after 220' tests, and never have 
client forced to reconnect.

> Postscreen also gets most of its effectiveness from RBLs,
> these too are not terribly appropriate for submission, as
> legitimate submission users will dynamically get IPs that
> botnets have previously abused.
> 
> You probably know all this, and perhaps you'll still be able
> to figure out some usable deployment model, but I'm not
> optimistic...

I think that there are DNSBLs that explicitly target bots,
so a remote IP address may get flagged for that (whether it
will be flagged soon enough is a different matter).

        Wietse

Reply via email to