Christian Seberino via Postfix-users <[email protected]> wrote:
> postscreen_dnsbl_threshold = 2
> postscreen_dnsbl_sites = zen.spamhaus.org*2 bl.spamcop.net*1
> b.barracudacentral.org*1
>
> Is there a "minimal" setting for these two variables that will
> give *some* protection without blocking friendly sites by accident?
My settings are:
postscreen_greet_action = enforce
postscreen_dnsbl_action = enforce
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_sites =
<secret>.zen.dq.spamhaus.net=127.0.0.[2..11]*2
<secret>.combined.mail.abusix.zone*2
list.dnswl.org*-4
wl.mailspike.net*-4
<secret>.white.mail.abusix.zone*-4
postscreen_dnsbl_reply_map = hash:/path/to/my/dnsbl_reply_map
Both Spamhaus DQS and Abusix Guardian Mail need registration both are free for
low usage (see the according websites). All those dnsbl and dnswl are very
reliable IMHO.
Around 80% of my daily mails arrives from mailing lists. In order to keep my
dnsblog activities low, I do have a whitelist for all originating IPs from
those mailing list servers:
postscreen_denylist_action = drop
postscreen_access_list = permit_mynetworks
cidr:/path/to/my/POSTCONF_CIDR_postscreen_access_list
And in addition, I do trust those originating IPs that much, that I do also
omit Rspamd (milter) activities with its DNS requests to those dnsbl and dnswl
from Spamhaus DQS and Abusix Guardian Mail by:
milter_default_action = accept
smtpd_milter_maps = cidr:/path/to/my/POSTCONF_CIDR_smtpd_milter_map
Hope that helps and regards,
Michael
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
