So I wonder: if postscreen_dnsbl is enabled, is it possible that mail
gets lost by mistake?
Somehow some false positive?
How do you maintain the list?
> On 12/02/2017 09:09 PM, Junk wrote:
>> Is there any list that can be trusted and is publicly available or
>> unless you pay nothing is trusted?
>>
>>
>
> See my previous list of postscreen_dnsbl_sites entries. These can be
> trusted in aggregate but not individually. Traditionally in MTAs, a
> single block list hit will reject email but that is too risky. You
> really should consider switching to Postfix and try out
> postscreen_dnsbl_sites to combine the results of block lists. More
> trustworthy lists get a higher weight and less trustworthy lists get a
> lower weight above zero. Whitelists get a negative weight to lower the
> total score.
>
> /etc/postfix/main.cf:
> postscreen_cache_retention_time = 7d
> postscreen_bare_newline_ttl = 7d
> postscreen_greet_ttl = 7d
> postscreen_non_smtp_command_ttl = 7d
> postscreen_pipelining_ttl = 7d
> postscreen_dnsbl_ttl = 1m
> postscreen_dnsbl_threshold = 8
> postscreen_dnsbl_action = enforce
> postscreen_greet_action = enforce
> postscreen_greet_wait = ${stress?1}${stress:11}s
> postscreen_bare_newline_action = enforce
> postscreen_bare_newline_enable = yes
> postscreen_non_smtp_command_enable = yes
> postscreen_pipelining_enable = yes
> postscreen_dnsbl_whitelist_threshold = -1
> postscreen_blacklist_action = drop
>
> postscreen_dnsbl_sites =
> ... (from previous email)
>
>>> On Dec 2, 2017, at 7:44 PM, Bill Cole
>>> <[email protected]> wrote:
>>>
>>>> On 2 Dec 2017, at 13:33 (-0500), David Jones wrote:
>>>>
>>>> Then you can start experimenting with RBLs at
>>>> http://multirbl.valli.org/lookup/
>>>
>>> Be VERY careful with that list of DNSBLs. For years they listed and
>>> tested my local, private, never-public DNSBL (which has always had an
>>> external view that "lists the world") despite repeated requests to
>>> stop, resulting in a steady stream of clueless users pleading,
>>> rationalizing, and/or threatening me over their supposed listing. It is
>>> only after I started to give actively hostile answers to external
>>> queries that they took my DNSBL off their lookup page, but they still
>>> ping it every day or so. Apparently, similar sites copied them and some
>>> end users seem to have gotten the bright idea to query the zone,
>>> sometimes in substantial volume.
>>>
>>> The bottom line: before actually *using* any of the DNSBLs you find via
>>> any 3rd-party site, research the list's actual purpose and
>>> availability.
>>>
>>> --
>>> Bill Cole
>>> [email protected] or [email protected]
>>> (AKA @grumpybozo and many *@billmail.scconsult.com addresses)
>>> Currently Seeking Steady Work: https://linkedin.com/in/billcole
>>
>
>
> --
> David Jones
>
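
The weighted scoring described in the quoted reply, as an added example that is not part of the original thread or of Postfix itself. The zone names, weights and verdict labels are constructed; the thresholds are the ones from the quoted main.cf, and the model follows the documented postscreen behaviour of summing weights and counting each entry at most once.

```python
import re

# Thresholds from the main.cf quoted above.
DNSBL_THRESHOLD = 8
WHITELIST_THRESHOLD = -1
# Constructed entries in postscreen_dnsbl_sites syntax: domain[=filter][*weight]
SITES = [
    "bl-medium.example=127.0.0.[2..11]*4",
    "bl-medium2.example=127.0.0.[2;4]*4",
    "bl-weak.example*2",
    "wl.example=127.0.1.[0..255]*-5",
]
# Constructed DNS answers for one client: one medium list (two A records) plus a weak list.
SAMPLE = {"bl-medium.example": ["127.0.0.4", "127.0.0.10"], "bl-weak.example": ["127.0.0.2"]}

def parse_site(entry):
    m = re.fullmatch(r"([^=*]+)(?:=([^*]+))?(?:\*(-?\d+))?", entry)
    domain, filt, weight = m.groups()
    return domain, filt, int(weight) if weight else 1  # default weight is 1

def octet_matches(pattern, octet):
    for part in pattern.strip("[]").split(";"):  # "[2;4..6]" -> "2", "4..6"
        lo, _, hi = part.partition("..")
        if int(lo) <= octet <= int(hi or lo):
            return True
    return False

def reply_matches(filt, addr):
    if filt is None:  # no "=filter": any reply counts as a listing
        return True
    patterns = re.findall(r"\[[^\]]*\]|\d+", filt)
    return len(patterns) == 4 and all(
        octet_matches(p, int(o)) for p, o in zip(patterns, addr.split(".")))

def score(replies, sites=SITES):
    total = 0
    for domain, filt, weight in map(parse_site, sites):
        if any(reply_matches(filt, a) for a in replies.get(domain, [])):
            total += weight  # applied once per entry, however many replies match
    return total

def verdict(replies):
    s = score(replies)
    if s >= DNSBL_THRESHOLD:
        return "reject"
    return "skip-tests" if s <= WHITELIST_THRESHOLD else "pass"

if __name__ == "__main__":
    print(score(SAMPLE), verdict(SAMPLE))
```

With these constructed weights a listing on one medium list and one weak list stays below the threshold, so a single false positive does not reject mail; two medium lists together do.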