Am 16.06.2016 um 16:21 schrieb Shawn Bakhtiar:
Agreed. We use sendmail, and check our DNSBL's their, it is much more efficient to use them before we ever engage SA. It is extremely rare to find an IP that lands on a reputable DNSBL and in those cases we can whitelist. Of course most of our traffic is B2B, not sure how effective this would be in B2C or C2C.
no difference - the majority of so blacklisted servers are infected enduser machines which have no business to connect to any machine on port 25 and for a well scored decision it don't matter anyways
also spammers don't care if you are business or not, easily to test with spam-traps and how fast they are abused with all sort of junk
On Jun 16, 2016, at 7:16 AM, jaso...@mail-central.com wrote: Fwiw, I've moved the DNSBL issue out of SA and put it 'in front' with Postfix's postscreen.
postfix 'in front' has the job to complement and not replace blacklists in SA since they still matter when some client don't reach the reject score but get additional point in the content filtering
Instead of just *one* DNSBL, which is imo always a risk, I use multiple dnsbls, and weight them in scoring. In my experience, it works fantastically well. A great write up on the approach is here http://rob0.nodns4.us/postscreen.html OF course, that presumes Postfix. You might me able to do the same with other servers, or maybe don't have the option at all.
signature.asc
Description: OpenPGP digital signature
