RE: manitu.net RBL, opinions? Re: postwhite? (why not?)
I use this list for postscreen, big list. Use with care, this one is customized for my needs. The why to cidr's in the access list. The first is manualy maintaint. The second cidr and spamhous drop are auto updated by script. Greetz, Louis postscreen_greet_banner =$myhostname, checking blacklists, please wait. postscreen_greet_action = drop postscreen_greet_wait = 3s postscreen_greet_ttl = 2d postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/personal/postscreen_access_list.cidr, # personal white/black list. pcre:/etc/postfix/personal/postscreen_access_list-reject.fqrdns.pcre # faulty rdns record list, like hosters with dynamic ips. cidr:/etc/postfix/personal/postscreen_access_list-drop.spamhaus-lasso.cidr # Spamhaus DROP List postscreen_whitelist_interfaces = $mynetworks, static:all postscreen_blacklist_action = drop postscreen_dnsbl_reply_map = pcre:/etc/postfix/personal/postscreen_dnsbl_reply_map.pcre # customized reply. postscreen_dnsbl_action = enforce postscreen_dnsbl_ttl= 2h postscreen_dnsbl_threshold = 4 postscreen_dnsbl_threshold = 4 postscreen_dnsbl_sites = zen.spamhaus.org*4 b.barracudacentral.org*4 bad.psky.me*4 dnsbl.cobion.com*2 bl.spameatingmonkey.net*2 fresh.spameatingmonkey.net*2 cbl.anti-spam.org.cn=127.0.8.2*2 dnsbl.kempt.net*1 dnsbl.inps.de*2 bl.spamcop.net*2 srn.surgate.net=127.0.0.2 spam.dnsbl.sorbs.net*1 rbl.rbldns.ru*2 psbl.surriel.com*2 bl.mailspike.net*2 rep.mailspike.net=127.0.0.[13;14]*1 bl.suomispam.net*2 bl.blocklist.de*2 ix.dnsbl.manitu.net*2 dnsbl-2.uceprotect.net dnsbl.justspam.org=127.0.0.2*2 all.s5h.net=127.0.0.2*2 hostkarma.junkemailfilter.com=127.0.0.[2;4]*2 rbl.abuse.ro=127.0.0.[2;4]*2 dnsbl.spfbl.net=127.0.0.[2;4]*2 # No RDNS dnsbl.spfbl.net=127.0.0.3*1 hostkarma.junkemailfilter.com=127.0.0.3*1 # whitelists swl.spamhaus.org*-6 dnswl.spfbl.net=127.0.0.[2;3;4]*-3 list.dnswl.org=127.0.[0..255].[2;3]*-4 rep.mailspike.net=127.0.0.[17;18]*-1 rep.mailspike.net=127.0.0.[19;20]*-2 hostkarma.junkemailfilter.com=127.0.0.1*-4 nobl.junkemailfilter.com=127.0.0.5*-4 # > -Oorspronkelijk bericht- > Van: postfixlists-070...@billmail.scconsult.com > [mailto:owner-postfix-us...@postfix.org] Namens Bill Cole > Verzonden: dinsdag 6 maart 2018 15:44 > Aan: Postfix users > Onderwerp: Re: manitu.net RBL, opinions? Re: postwhite? (why not?) > > On 6 Mar 2018, at 1:26, MRob wrote: > > > On 2018-03-05 18:05, Bill Cole wrote: > >>> Would you mind sharing which RBLs you recommend to use in > >>> postscreen? > >> > >> postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.2*2 > >> zen.spamhaus.org=127.0.0.3*2 zen.spamhaus.org=127.0.0.4*2 > >> zen.spamhaus.org=127.0.0.10*2 zen.spamhaus.org=127.0.0.11*2 > >> psbl.surriel.com=127.0.0.2*1 ix.dnsbl.manitu.net=127.0.0.2*1 > > > > I just learned of manitu.net RBL is it helpful? > > Obviously I find it so... > > > Bill you don't use things like barracuda.net, spamcop, > whatever that > > monkey one is, mailspike. > > Not in postscreen (for the reasons previously cited) nor in > smtpd. I do > use the DNSBLs that SpamAssassin supports by default, but with score > adjustments. > > > Is manitu a good replacement for all those? > > No. It IS a good source of spam sources targeting primarily but not > exclusively European mailboxes, many of which show up on the > manitu list > (a.k.a. "NiX Spam") hours before they appear in Zen. > > -- > Bill Cole > b...@scconsult.com or billc...@apache.org > (AKA @grumpybozo and many *@billmail.scconsult.com addresses) > Currently Seeking Steady Work: https://linkedin.com/in/billcole > >
Re: manitu.net RBL, opinions? Re: postwhite? (why not?)
On 6 Mar 2018, at 1:26, MRob wrote: On 2018-03-05 18:05, Bill Cole wrote: Would you mind sharing which RBLs you recommend to use in postscreen? postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.2*2 zen.spamhaus.org=127.0.0.3*2 zen.spamhaus.org=127.0.0.4*2 zen.spamhaus.org=127.0.0.10*2 zen.spamhaus.org=127.0.0.11*2 psbl.surriel.com=127.0.0.2*1 ix.dnsbl.manitu.net=127.0.0.2*1 I just learned of manitu.net RBL is it helpful? Obviously I find it so... Bill you don't use things like barracuda.net, spamcop, whatever that monkey one is, mailspike. Not in postscreen (for the reasons previously cited) nor in smtpd. I do use the DNSBLs that SpamAssassin supports by default, but with score adjustments. Is manitu a good replacement for all those? No. It IS a good source of spam sources targeting primarily but not exclusively European mailboxes, many of which show up on the manitu list (a.k.a. "NiX Spam") hours before they appear in Zen. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Currently Seeking Steady Work: https://linkedin.com/in/billcole
Re: spamhaus zen response codes in postscreen Re: postwhite? (why not?)
On 6 Mar 2018, at 1:18, MRob wrote: On 2018-03-05 18:05, Bill Cole wrote: Would you mind sharing which RBLs you recommend to use in postscreen? postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.2*2 zen.spamhaus.org=127.0.0.3*2 zen.spamhaus.org=127.0.0.4*2 zen.spamhaus.org=127.0.0.10*2 zen.spamhaus.org=127.0.0.11*2 Why list all these, are there zen response codes that you don't want to blacklist? .5 and .6 were formerly used for XBL components with significant mixed-source listings. The .5-.7 responses are not currently in use BUT are reserved for possible future use in the XBL, which is currently all CBL listings. I don't want to be surprised by their deployment for mixed-source listings. Tangential note: Since you apparently can't honor my Reply-To header, I have acted locally to simulate basic courtesy.
Re: manitu.net RBL, opinions? Re: postwhite? (why not?)
On Tue, 06 Mar 2018 06:26:49 + MRobwrote: > On 2018-03-05 18:05, Bill Cole wrote: > >> Would you mind sharing which RBLs you recommend to use in > >> postscreen? > > > > postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.2*2 > > zen.spamhaus.org=127.0.0.3*2 zen.spamhaus.org=127.0.0.4*2 > > zen.spamhaus.org=127.0.0.10*2 zen.spamhaus.org=127.0.0.11*2 > > psbl.surriel.com=127.0.0.2*1 ix.dnsbl.manitu.net=127.0.0.2*1 > > I just learned of manitu.net RBL is it helpful? Bill you don't use > things like barracuda.net, spamcop, whatever that monkey one is, > mailspike. Is manitu a good replacement for all those? Just a FYI, my experience is manitu periodically blocks hostgator email. I had to remove it from my list. If you want to check your logs to see if you receive email from hostgator, all my email from hostgator has come from websitewelcome.com, but here is the official documentation: http://support.hostgator.com/articles/what-are-private-name-servers FWIW, I use barracuda.net.
manitu.net RBL, opinions? Re: postwhite? (why not?)
On 2018-03-05 18:05, Bill Cole wrote: Would you mind sharing which RBLs you recommend to use in postscreen? postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.2*2 zen.spamhaus.org=127.0.0.3*2 zen.spamhaus.org=127.0.0.4*2 zen.spamhaus.org=127.0.0.10*2 zen.spamhaus.org=127.0.0.11*2 psbl.surriel.com=127.0.0.2*1 ix.dnsbl.manitu.net=127.0.0.2*1 I just learned of manitu.net RBL is it helpful? Bill you don't use things like barracuda.net, spamcop, whatever that monkey one is, mailspike. Is manitu a good replacement for all those?
spamhaus zen response codes in postscreen Re: postwhite? (why not?)
On 2018-03-05 18:05, Bill Cole wrote: Would you mind sharing which RBLs you recommend to use in postscreen? postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.2*2 zen.spamhaus.org=127.0.0.3*2 zen.spamhaus.org=127.0.0.4*2 zen.spamhaus.org=127.0.0.10*2 zen.spamhaus.org=127.0.0.11*2 Why list all these, are there zen response codes that you don't want to blacklist?
Re: FQRDNS blacklist why not? Re: postwhite? (why not?)
On 5 Mar 2018, at 16:38, MRob wrote: Bill Cole said: The postscreen DNSBL configuration should be designed to only block IPs that *only* send spam. So why, I like to ask is fqrdns list not recommended for use in postscreen? Did you see "DNSBL" in that sentence? The "fqrdns" list is not a DNSBL. With that said, I don't use it because: 1. I find it generally superfluous given my other defenses. 2. I would never want to use it in postscreen because it is not designed to identify only known spam-only sources. 3. I don't believe it is possible to use it in postscreen because it relies on domain names, while postscreen_access_list only looks up the client IP.
Re: FQRDNS blacklist why not? Re: postwhite? (why not?)
MRob skrev den 2018-03-05 22:38: Bill Cole said: The postscreen DNSBL configuration should be designed to only block IPs that *only* send spam. So why, I like to ask is fqrdns list not recommended for use in postscreen? https://github.com/stevejenkins/hardwarefreak.com-fqrdns.pcre too much fp Its maintained by same person as postwhite so I guess that means he knows good reason why not to outright blacklist the clients in that list. postscreen is not ment for testing that data
Re: FQRDNS blacklist why not? Re: postwhite? (why not?)
On 3/5/2018 3:38 PM, MRob wrote: > Bill Cole said: >> The postscreen DNSBL >> configuration should be designed to only block IPs that *only* send >> spam. > > So why, I like to ask is fqrdns list not recommended for use in > postscreen? > https://github.com/stevejenkins/hardwarefreak.com-fqrdns.pcre > > Its maintained by same person as postwhite so I guess that means he > knows good reason why not to outright blacklist the clients in that > list. By design, postscreen operates on the client IP only, and the rDNS hostname is not available. This is intentional to keep performance high and latency low. The fqrdns.pcre operates on the rDNS hostname of the connecting client, which isn't available in postscreen. Consequently, by design the fcrdns.pcre cannot work in postscreen, and should not be used there. -- Noel Jones
FQRDNS blacklist why not? Re: postwhite? (why not?)
Bill Cole said: The postscreen DNSBL configuration should be designed to only block IPs that *only* send spam. So why, I like to ask is fqrdns list not recommended for use in postscreen? https://github.com/stevejenkins/hardwarefreak.com-fqrdns.pcre Its maintained by same person as postwhite so I guess that means he knows good reason why not to outright blacklist the clients in that list.
Re: postwhite? (why not?)
On 5 Mar 2018, at 3:59, Karol Augustin wrote: On 2018-03-05 6:39, Bill Cole wrote: On 3 Mar 2018, at 14:25, J Doe wrote: Should I then continue to use postscreen for the zombie detection but then move my DNSRBL entries to smtpd restrictions ? Apologies for belabouring the point - I’m just not understanding. Not all DNSBLs are equivalent. SOME are suited for use in postscreen as absolute bans, e.g. Spamhaus Zen. The postscreen DNSBL configuration should be designed to only block IPs that *only* send spam. There are DNSBLs designed to be hyper-sensitive, to not give any sender a free pass, and to generate occasional collateral damage. There are DNSBLs designed to be used in complex anti-spam systems and NOT as a unilateral basis for blocking. Those sorts of DNSBL should not be used in postscreen with a score at or above postscreen_dnsbl_threshold. Hi Bill, Would you mind sharing which RBLs you recommend to use in postscreen? postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.2*2 zen.spamhaus.org=127.0.0.3*2 zen.spamhaus.org=127.0.0.4*2 zen.spamhaus.org=127.0.0.10*2 zen.spamhaus.org=127.0.0.11*2 psbl.surriel.com=127.0.0.2*1 ix.dnsbl.manitu.net=127.0.0.2*1 postscreen_dnsbl_threshold = 2 For my own system I also use 2 local DNSBLs scored at 1 (both are full of non-spam sources by design) and reuse all of those and more in smtpd, with whitelisting of various sorts to protect mail that needs protecting. That's a bespoke config that isn't suitable for most sites. (And those local DNSBLs tell intentional lies to the outside world anyway.)
Re: postwhite? (why not?)
On 3 Mar 2018, at 14:25, J Doe wrote: Should I then continue to use postscreen for the zombie detection but then move my DNSRBL entries to smtpd restrictions ? I forgot to add: when you use dnsbl entries at postscreen level, you apparently won't need them in other postfix restrictions. if you use spam filter e.g. spamassassin, leave the rest on it. On 2018-03-05 6:39, Bill Cole wrote: Not all DNSBLs are equivalent. SOME are suited for use in postscreen as absolute bans, e.g. Spamhaus Zen. The postscreen DNSBL configuration should be designed to only block IPs that *only* send spam. There are DNSBLs designed to be hyper-sensitive, to not give any sender a free pass, and to generate occasional collateral damage. There are DNSBLs designed to be used in complex anti-spam systems and NOT as a unilateral basis for blocking. Those sorts of DNSBL should not be used in postscreen with a score at or above postscreen_dnsbl_threshold. On 05.03.18 08:59, Karol Augustin wrote: Would you mind sharing which RBLs you recommend to use in postscreen? On 05.03.18 16:54, Matus UHLAR - fantomas wrote: I don't see problems having spamhaus, sorbs and spamcop at postscreen level, especially when someone adds e.g. dnswl weighing -1 too. veri simple example: postscreen_dnsbl_sites = zen.spamhaus.org, dnsbl.sorbs.net, bl.spamcop.net, list.dnswl.org*-1 you can play with weighing blacklists and whitelists, and/or tuning postscreen_dnsbl_threshold -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. My mind is like a steel trap - rusty and illegal in 37 states.
Re: postwhite? (why not?)
On 3 Mar 2018, at 14:25, J Doe wrote: Should I then continue to use postscreen for the zombie detection but then move my DNSRBL entries to smtpd restrictions ? Apologies for belabouring the point - I’m just not understanding. On 2018-03-05 6:39, Bill Cole wrote: Not all DNSBLs are equivalent. SOME are suited for use in postscreen as absolute bans, e.g. Spamhaus Zen. The postscreen DNSBL configuration should be designed to only block IPs that *only* send spam. There are DNSBLs designed to be hyper-sensitive, to not give any sender a free pass, and to generate occasional collateral damage. There are DNSBLs designed to be used in complex anti-spam systems and NOT as a unilateral basis for blocking. Those sorts of DNSBL should not be used in postscreen with a score at or above postscreen_dnsbl_threshold. On 05.03.18 08:59, Karol Augustin wrote: Would you mind sharing which RBLs you recommend to use in postscreen? I don't see problems having spamhaus, sorbs and spamcop at postscreen level, especially when someone adds e.g. dnswl weighing -1 too. veri simple example: postscreen_dnsbl_sites = zen.spamhaus.org, dnsbl.sorbs.net, bl.spamcop.net, list.dnswl.org*-1 you can play with weighing blacklists and whitelists, and/or tuning postscreen_dnsbl_threshold -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. If Barbie is so popular, why do you have to buy her friends?
Re: postwhite? (why not?)
On 2018-03-05 6:39, Bill Cole wrote: > On 3 Mar 2018, at 14:25, J Doe wrote: > >> Should I then continue to use postscreen for the zombie detection but then >> move my DNSRBL entries to smtpd restrictions ? >> >> Apologies for belabouring the point - I’m just not understanding. > > Not all DNSBLs are equivalent. SOME are suited for use in postscreen > as absolute bans, e.g. Spamhaus Zen. The postscreen DNSBL > configuration should be designed to only block IPs that *only* send > spam. There are DNSBLs designed to be hyper-sensitive, to not give any > sender a free pass, and to generate occasional collateral damage. > There are DNSBLs designed to be used in complex anti-spam systems and > NOT as a unilateral basis for blocking. Those sorts of DNSBL should > not be used in postscreen with a score at or above > postscreen_dnsbl_threshold. Hi Bill, Would you mind sharing which RBLs you recommend to use in postscreen? k. -- Karol Augustin ka...@augustin.pl http://karolaugustin.pl/ +353 85 775 5312
Re: postwhite? (why not?)
On 3 Mar 2018, at 14:25, J Doe wrote: Should I then continue to use postscreen for the zombie detection but then move my DNSRBL entries to smtpd restrictions ? Apologies for belabouring the point - I’m just not understanding. Not all DNSBLs are equivalent. SOME are suited for use in postscreen as absolute bans, e.g. Spamhaus Zen. The postscreen DNSBL configuration should be designed to only block IPs that *only* send spam. There are DNSBLs designed to be hyper-sensitive, to not give any sender a free pass, and to generate occasional collateral damage. There are DNSBLs designed to be used in complex anti-spam systems and NOT as a unilateral basis for blocking. Those sorts of DNSBL should not be used in postscreen with a score at or above postscreen_dnsbl_threshold.
Re: postwhite? (why not?)
J Doe: > Hi Wietse, > > > On Mar 2, 2018, at 1:49 PM, Wietse Venemawrote: > > > > Postscreen blocks sites based on: > > > > - Their reputation that hey don't send legitimate mail. > > zen.spamhaus.org and bl.spamcop.net are examples of that. > > > > - Their behavior. The postscreen pregreet test is an example of that. > > > >Wietse > > Ok. I am definitely making use of the zombie detection (pre-greeting, > etc.), but I also use the DNSRBL?s on postscreen. I was under the > possibly mistaken impression that this was a bit more efficient > instead of having a spam source connect, possibly negotiate STARTTLS > and then start a SMTP transaction and then have it rejected based > on smtpd restrictions. > > Should I then continue to use postscreen for the zombie detection > but then move my DNSRBL entries to smtpd restrictions ? postscreen handles multiple sessions in parallel. Only clients that "PASS" are allowed to talk to an SMTP daemon process. In a word where most email comes from spambots, this is more efficient than always spending one SMTP daemon process on every client. wietse
Re: postwhite? (why not?)
Hi Wietse, > On Mar 2, 2018, at 1:49 PM, Wietse Venemawrote: > > Postscreen blocks sites based on: > > - Their reputation that hey don't send legitimate mail. > zen.spamhaus.org and bl.spamcop.net are examples of that. > > - Their behavior. The postscreen pregreet test is an example of that. > >Wietse Ok. I am definitely making use of the zombie detection (pre-greeting, etc.), but I also use the DNSRBL’s on postscreen. I was under the possibly mistaken impression that this was a bit more efficient instead of having a spam source connect, possibly negotiate STARTTLS and then start a SMTP transaction and then have it rejected based on smtpd restrictions. Should I then continue to use postscreen for the zombie detection but then move my DNSRBL entries to smtpd restrictions ? Apologies for belabouring the point - I’m just not understanding. Thanks, - J
Re: postwhite? (why not?)
On 2018-03-03 5:06, MRob wrote: > On 2018-03-02 13:46, Karol Augustin wrote: >> I also added some hosts to my list from banks, Amazon SES etc. I have >> about 800 lines in the generated file, which is reasonable. I have about >> 60-75% passing connections whitelisted now. > > Would you share those you've added? custom_hosts="ulsterbank.com amazonses.com nodeping.com spamassassin.apache.org outages.org paypal.com allegro.pl" k. -- Karol Augustin ka...@augustin.pl http://karolaugustin.pl/ +353 85 775 5312
Re: postwhite? (why not?)
On 2018-03-02 13:46, Karol Augustin wrote: On 2018-03-02 12:09, MRob wrote: Asking for opinions about postwhite. https://github.com/stevejenkins/postwhite Below is the default whitelist domains. It's nice idea, but what about the time when spammers got hold of 10.000 hotmail accounts? OTOH this is only for postscreen and not whitelisted your antispam engine so seems like a good idea. Really like to know arguments against using this, please speak up. webmail_hosts="aol.com google.com microsoft.com outlook.com hotmail.com gmx.com icloud.com mail.com inbox.com zoho.com fastmail.com" social_hosts="facebook.com facebookmail.com twitter.com pinterest.com instagram.com tumblr.com reddit.com linkedin.com" commerce_hosts="craigslist.org amazon.com ebay.com paypal.com" bulk_hosts="sendgrid.com sendgrid.net mailchimp.com exacttarget.com cust-spf.exacttarget.com constantcontact.com icontact.com mailgun.com fishbowl.com fbmta.com mailjet.com sparkpost.com sparkpostmail.com" misc_hosts="zendesk.com github.com" I also added some hosts to my list from banks, Amazon SES etc. I have about 800 lines in the generated file, which is reasonable. I have about 60-75% passing connections whitelisted now. Would you share those you've added?
Re: postwhite? (why not?)
J Doe: > Hi Wietse, > > > On Mar 2, 2018, at 10:15 AM, Wietse Venemawrote: > > > > Perhaps it is time to repeat what postscreen is and is not. > > > > Don't use postscreen to block spam. Use postscreen to block spambots. > > Those who misunderstand the difference will be disappointed. For example, all blacksmiths are black, therefore all black people are blacksmiths. > > In particular, hotmail is not a spambot, therefore it should not > > be blocked by postscreen. > > I have been using the following in my /etc/postfix/main.cf: > > postscreen_dnsbl_sites = bl.spamcop.net, zen.spamhaus.org > postscreen_dnsbl_action = drop > > While this weeds out spambots I imagine it is weeding out spam > sources as well Postscreen blocks sites based on: - Their reputation that hey don't send legitimate mail. zen.spamhaus.org and bl.spamcop.net are examples of that. - Their behavior. The postscreen pregreet test is an example of that. Wietse
Re: postwhite? (why not?)
Hi Wietse, > On Mar 2, 2018, at 10:15 AM, Wietse Venemawrote: > > Perhaps it is time to repeat what postscreen is and is not. > > Don't use postscreen to block spam. Use postscreen to block spambots. > Those who misunderstand the difference will be disappointed. > > In particular, hotmail is not a spambot, therefore it should not > be blocked by postscreen. > >Wietse I have been using the following in my /etc/postfix/main.cf: postscreen_dnsbl_sites = bl.spamcop.net, zen.spamhaus.org postscreen_dnsbl_action = drop While this weeds out spambots I imagine it is weeding out spam sources as well. As a point of clarification, should I list DNSBL sites specifically for spambots here and then have a separate list of DNSBL for just spam on the smtpd restrictions ? Thanks, - J
Re: postwhite? (why not?)
MRob: > Asking for opinions about postwhite. > https://github.com/stevejenkins/postwhite > > Below is the default whitelist domains. It's nice idea, but what about > the time when spammers got hold of 10.000 hotmail accounts? Perhaps it is time to repeat what postscreen is and is not. Don't use postscreen to block spam. Use postscreen to block spambots. Those who misunderstand the difference will be disappointed. In particular, hotmail is not a spambot, therefore it should not be blocked by postscreen. Wietse
Re: postwhite? (why not?)
On 2018-03-02 12:09, MRob wrote: > Asking for opinions about postwhite. > https://github.com/stevejenkins/postwhite > > Below is the default whitelist domains. It's nice idea, but what about > the time when spammers got hold of 10.000 hotmail accounts? > > OTOH this is only for postscreen and not whitelisted your antispam > engine so seems like a good idea. Really like to know arguments > against using this, please speak up. > > > > webmail_hosts="aol.com google.com microsoft.com outlook.com > hotmail.com gmx.com icloud.com mail.com inbox.com zoho.com > fastmail.com" > > social_hosts="facebook.com facebookmail.com twitter.com pinterest.com > instagram.com tumblr.com reddit.com linkedin.com" > > commerce_hosts="craigslist.org amazon.com ebay.com paypal.com" > > bulk_hosts="sendgrid.com sendgrid.net mailchimp.com exacttarget.com > cust-spf.exacttarget.com constantcontact.com icontact.com mailgun.com > fishbowl.com fbmta.com mailjet.com sparkpost.com sparkpostmail.com" > > misc_hosts="zendesk.com github.com" Hi, Can't really say anything against using postwhite. So these are my experienses: I have started using it some time ago. I have noticed that some provides use some kind of SPF rotation daily (???) and rotate between IPv6 subnets. So it is important to run it periodically to update the file. It might be good to implement rounding to the nearest /64 or even /56 for efficiency, but I didn't have a chance to look into that. Other than that, I am using the generated list to whitelist postscreen and some custom filtering that forces greylisting and honeypot checks as well. My main observation is that senders included in the default list you posted will pass postscreen anyway and additional benefit is to exclude them from RBL checks because vast majority of users would like to still allow them, even if they hit some RBLs from time to time. The additional benefit is huge saving on DNS queries and (for me) avoiding greylisting if some otherwise good server finds it's way to RBL. I also added some hosts to my list from banks, Amazon SES etc. I have about 800 lines in the generated file, which is reasonable. I have about 60-75% passing connections whitelisted now. Karol -- Karol Augustin ka...@augustin.pl http://karolaugustin.pl/ +353 85 775 5312