On 2019/10/02 16:13, Henrik K wrote: > On Wed, Oct 02, 2019 at 02:50:23PM +0200, ratatouille wrote: > > Henrik K <h...@hege.li> schrieb am 02.10.19 um 15:46:18 Uhr: > > > > > On Wed, Oct 02, 2019 at 02:20:48PM +0200, Matus UHLAR - fantomas wrote: > > > > > > > > I got rid of it, since of too many false positives related to outlook, > > > > gmail > > > > etc. > > > > > > Why would you greylist something that's easily skipped using DNSWL etc? > > > > Thank you! I'll look for that stuff. > > Just use permit_dnswl_client before your postgrey > > permit_dnswl_client list.dnswl.org > check_policy_service inet:127.0.0.1:12345 > > These should be pretty much last lines in your checks, remember that is > accepts the message at that stage when listed. > > Of course you can also create manual whitelist lookup tables. >
dnswl doesn't have a good list of Microsoft servers, less than half of their deliveries to me today came from servers listed on dnswl. I make my own list from their SPF records to exempt them from greylist-type checks. Examples of some currently used that aren't on dnswl: 104.47.0.33 104.47.4.33 104.47.9.33 104.47.9.36 104.47.12.33 104.47.13.33 104.47.46.33 104.47.58.33 104.47.125.33 104.47.126.33