Am 17.06.2016 um 16:37 schrieb Shawn Bakhtiar:
On Jun 17, 2016, at 7:25 AM, Vincent Fox <vb...@ucdavis.edu> wrote: Greylisting imo helps a lot with RBL lag.It can, but it's definitely a double edge sword. Depending on the way the remote MTA works, I've experienced emails being delayed for quite sometime. I had a lot of users requesting to be removed from the graylist, and eventually decided to drop it. When you're waiting for the confirmation of a PO from a new vendor on raw materials you need for a batch being made tomorrow it can be very frustrating :)
set it up proper, just don't greylist everything by skip clients on several DNSWL or pass SPF and the same way put aggressive HELO/PTR checks as well as sender-verification below
smtpd_recipient_restrictions = ... other stuff .... check_policy_service unix:private/spf-policy permit_dnswl_client list.dnswl.org permit_dnswl_client ips.whitelisted.org permit_dnswl_client wl.mailspike.net permit_dnswl_client hostkarma.junkemailfilter.com=127.0.0.[1;3;5] permit_dnswl_client bl.nszones.com=127.0.0.5 permit_dnswl_client score.senderscore.com=127.0.4.[80..100] permit_dnswl_client iadb.isipp.com permit_dnswl_client sa-accredit.habeas.com permit_dnswl_client dnswl.inps.de=127.0.[0;1].[2..10] permit_dnswl_client swl.spamhaus.org=127.0.2.[2;3;102;103] check_helo_access proxy:pcre:/etc/postfix/blacklist_helo.cf check_reverse_client_hostname_access proxy:pcre:/etc/postfix/ptr.cf check_policy_service unix:/var/spool/postfix/postgrey/socket reject_unverified_sender /etc/python-policyd-spf/policyd-spf.conf debugLevel = 1 defaultSeedOnly = 1 HELO_reject = No_Check Mail_From_reject = Fail Mail_From_pass_restriction = OK PermError_reject = False TempError_Defer = True
signature.asc
Description: OpenPGP digital signature
