On 01/26/2017 02:53 PM, David Jones wrote: > > I understand what their SPF record means and how it works > but what they are publishing in their SPF record is not common. > Normally this would expand out to a list of IPs and CIDRs or DNS > records that can be turned into IPs that postwhite can use to build > a list for bypassing RBL checks. >
Are the problematic RBL checks performed by Postfix, or by SpamAssassin? The possibilities for whitelisting in SpamAssassin are a lot more flexible, so if I were you, I would tweak postscreen (or my smtpd restrictions) to the point where it causes no false positives. Then SpamAssassin can be configured to do the same level of RBL checks that are occasionally causing false positives now. The double lookups aren't expensive because they're cached locally. And the false positives are easy to deal with in SA, where for example you have access to the result of SPF. If you can get it to the point where SA is the one blocking Yahoo, then all you have to do is add a meta rule that subtracts a few points when the sender's domain belongs to Yahoo and the SPF_PASS rule hits.
