On 2023-03-11 05:39:20 +0800, Jeremy Ardley wrote: > Sort of off topic. I've given up entirely on rbl. Every commented out option > has had some type of intermittent failure resulting in lost or delayed valid > incoming mail. > > I now put up with a tiny fraction of spam that's managed well enough by > spamassassin and postscreen > > smtpd_recipient_restrictions = > permit_sasl_authenticated > permit_mynetworks > reject_unauth_destination > reject_invalid_hostname > reject_non_fqdn_hostname > reject_non_fqdn_sender > reject_non_fqdn_recipient > reject_unknown_sender_domain > # reject_rbl_client cbl.abuseat.org > # reject_rbl_client dnsbl-1.uceprotect.net > # reject_rbl_client dnsbl.sorbs.net > # reject_rbl_client spam.spamrats.com > # reject_rbl_client dyna.spamrats.com > # reject_rbl_client noptr.spamrats.com > # reject_rbl_client bl.spamcop.net > # reject_rbl_client dnsbl.sorbs.net > # reject_rbl_client sbl.spamhaus.org > # reject_rhsbl_helo dbl.spamhaus.org > # reject_rhsbl_reverse_client dbl.spamhaus.org > # reject_rhsbl_sender dbl.spamhaus.org > > # reject_rbl_client cbl.abuseat.org
Why not use postscreen for RBLs? FYI, I've been using the following for quite a long time: postscreen_blacklist_action = enforce postscreen_greet_action = enforce postscreen_dnsbl_action = enforce postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[0..255]*3 b.barracudacentral.org*2 bl.spameatingmonkey.net dnsbl.ahbl.org bl.spamcop.net swl.spamhaus.org*-4 list.dnswl.org=127.[0..255].[0..255].0*-2 list.dnswl.org=127.[0..255].[0..255].1*-3 list.dnswl.org=127.[0..255].[0..255].[2..255]*-4 postscreen_dnsbl_threshold = 3 IIRC, this more or less comes from the postfix-users mailing-list. -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
