On Wed, May 27, 2020, 11:44 AM @lbutlr, <krem...@kreme.com> wrote:
> On 24 May 2020, at 19:04, Ian Evans <dheianev...@gmail.com> wrote:
> > Based on another thread here, I want to move to using
> postscreen/postwhite and ditch postgrey.
> >
> > Just want to make sure I don't bungle stopping postgrey.
> >
> > So...
> >
> > - edit main.cf and remove "check_policy_service inet:127.0.0.1:10023"
> from smtpd_recipient_restrictions.
>
> Comment it out.
>
> And don't forget to comment out the corresponding section in master.cf
>
> > - restart Postfix
>
> That will do it.
>
> > - purge the postgrey package.
>
> Eventually. Don't need to rush.
>
> > Then go about getting postscreen working.
>
> As other have said, I'd do that first. But it's really just a few lines.
>
> These are my settings, -ish.
>
> postscreen_access_list = cidr:$config_directory/postscreen_access.cidr
>
> # Maybe start with warn if you're worried
> postscreen_blacklist_action = drop
> postscreen_dnsbl_action = enforce
> postscreen_dnsbl_sites = <list of RBLs and maybe DNSWL.org whitelists>
> postscreen_dnsbl_threshold = 3
> postscreen_dnsbl_ttl = 1d
> postscreen_dnsbl_whitelist_threshold = -1
> postscreen_greet_action = enforce
> postscreen_greet_banner = mail.covisp.net ESTMP -- Please wait
> postscreen_greet_wait = 11s
>
> I've settled on 11s, but you should probably not set postscreen_greet_wait
> unless you need to as the default is there for a reason. I found for my
> server 11s cut off a lot more mail, and I haven’t noticed missing anything
> I want.
>
> Default:
> postscreen_greet_wait = ${stress?{2}:{6}}s
>
> The most complicated part is setting up and scoring the rbls, though
> searching the list archives for 'postscreen_dnsbl_sites' will find you some
> settings other people use and you can start from there. Be sure and check
> the specific RBLS to be sure that they allow open access and that they
> still exist. Zen is very popular an in my opinion the best one out there,
> but you need to pay for commercial access.
>
Thanks for the further suggestions.
