Re: Where to place spamhaus tests

Wed, 03 Aug 2022 05:59:51 -0700 

On 03.08.22 10:39, Linkcheck wrote:
I have recently begun getting blocks from dbl.spamhaus.org for "valid" email. I thought a single instance was an aberration but in all I've seen half a dozen emails blocked - a large number for my small system. 

The original setup was...
============
smtpd_helo_restrictions =
 ...
 reject_rhsbl_helo dbl.spamhaus.org

smtpd_sender_restrictions =
 ...
 reject_rhsbl_sender dbl.spamhaus.org

smtpd_recipient_restrictions =
 ...
 reject_rbl_client zen.spamhaus.org
 reject_rhsbl_client dbl.spamhaus.org
============


I have now disabled the dbl.spamhaus tests but left in place the 
zen.spamhaus one.



The mail server is an old one, running almost untouched for several 
years. The positioning of the spamhaus tests has not changed in some 
time until now. I am setting up a new server with postfix, 
spamassassin, dovecot etc but it has yet to receive any real mail.



I am concerned that adding spamhaus tests to postfix on the new server 
may be detrimental even though, until now, I have seen no adverse 
reaction.


Spamhaus has a page for setting up postfix and recommends...
============
smtpd_recipient_restrictions =
 ...
 reject_rbl_client zen.spamhaus.org=127.0.0.[2..11]
 reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[2..99]
 reject_rhsbl_helo dbl.spamhaus.org=127.0.1.[2..99]
 reject_rhsbl_reverse_client dbl.spamhaus.org=127.0.1.[2..99]
 warn_if_reject reject_rbl_client zen.spamhaus.org=127.255.255.[1..255]
============


Is this a realistic setup? Should there be more, fewer or repositioned 
tests?


I have moved towards postscreen a long time ago.


postscreen supports multiple scored blocklists and/or allowlists, block 
clients from configured score and with pregreet test helps with blocking 
many bots and can even replace greylisting protection.


http://www.postfix.org/POSTSCREEN_README.html

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Posli tento mail 100 svojim znamim - nech vidia aky si idiot
Send this email to 100 your friends - let them see what an idiot you are






















					Reply via email to