spam.blacklist.rules Syntax question

Hugo van der Kooij hvdkooij at
Mon Mar 5 18:04:17 CET 2007

On Mon, 5 Mar 2007, Glenn Steen wrote:

> On 05/03/07, Glenn Steen <glenn.steen at> wrote:
>>  On 05/03/07, am.lists <am.lists at> wrote:
>>  (snip)
>> > > >  Would this be better moved to a postfix block instead of where I'm
>> > > >  [attempting] to do it?
>> > >  Might be a good idea, saves even more.
>> > 
>> >  The only downside is I don't get the instrumentation of how effective
>> >  my blocking is if I do it there, right?
>> >
>>  Quite true. Blocking later in the processing will give you more
>>  information to work with... The question you should perhaps ask
>>  yourself is "is it worth it";-).
> But (unless my memory fails me completely ... I cannot use things like
> this due to laws/policy... Don't ask) you should still get a fairly
> informative log entry to the effect that it had been dropped... Unless
> you use FW rules to do the blocking:)

I do delay the postfix blocking actions until I have:
  - foreign IP
  - helo
  - sender
  - recipient

That will give enough information in the log like:

Mar  5 17:59:53 faramir postfix/smtpd[24556]: NOQUEUE: reject: RCPT from[]: 554 
<[]>: Client host rejected: Dynamic 
(Cable, Dialup or DSL) network access denied; Use a smarthost instead 
(; from=<opabxlegtyu at> 
to=<whois at> proto=ESMTP helo=<>

For postfix you need in main.conf:

# Delay reject until we know enough
smtpd_delay_reject = yes


 	hvdkooij at
 	    This message is using 100% recycled electrons.

 	Some men see computers as they are and say "Windows"
 	I use computers with Linux and say "Why Windows?"
 		(Thanks JFK, for the insight.)
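
Added example, not part of the original message: a Python sketch that tallies Postfix `NOQUEUE: reject` lines like the one quoted above by SMTP stage, restriction and client IP, which is the blocking instrumentation discussed in this thread. The log lines, hostnames and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines (documentation addresses). The CONNECT entry is an
# assumed example of a reject that was not delayed: it has no envelope fields.
SAMPLE_LOG = """\
Mar  5 17:59:53 mx1 postfix/smtpd[24556]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 <unknown[192.0.2.10]>: Client host rejected: Dynamic network access denied; from=<a@example.org> to=<whois@example.net> proto=ESMTP helo=<pc10.example.org>
Mar  5 18:01:12 mx1 postfix/smtpd[24561]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 <unknown[192.0.2.10]>: Client host rejected: Dynamic network access denied; from=<b@example.org> to=<info@example.net> proto=ESMTP helo=<pc10.example.org>
Mar  5 18:02:40 mx1 postfix/smtpd[24570]: NOQUEUE: reject: RCPT from mail.example.com[198.51.100.7]: 504 <localhost>: Helo command rejected: need fully-qualified hostname; from=<c@example.com> to=<info@example.net> proto=SMTP helo=<localhost>
Mar  5 18:03:05 mx1 postfix/smtpd[24577]: NOQUEUE: reject: CONNECT from unknown[203.0.113.99]: 554 <unknown[203.0.113.99]>: Client host rejected: Access denied; proto=SMTP
Mar  5 18:03:09 mx1 postfix/smtpd[24577]: disconnect from unknown[203.0.113.99]
"""

LINE_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: (?P<stage>\w+) from "
    r"(?P<host>\S+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) (?P<rest>.*)$")
FIELD_RE = re.compile(r"\b(from|to|helo)=<([^>]*)>")
RULE_RE = re.compile(r"(?:Client host|Helo command|Sender address|"
                     r"Recipient address) rejected|Relay access denied")

def parse_reject(line):
    """Return a dict for one smtpd reject line, or None for any other line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rest = rec.pop("rest")
    rule = RULE_RE.search(rest)
    rec["rule"] = rule.group(0) if rule else "other"
    rec.update({"from": None, "to": None, "helo": None})
    rec.update(FIELD_RE.findall(rest))  # envelope fields, when they were logged
    return rec

def summarize(lines):
    """Count rejects per (stage, rule) and per client IP; count rejects
    logged without a recipient, i.e. decided before RCPT TO was seen."""
    by_rule, by_ip, no_envelope = Counter(), Counter(), 0
    for rec in filter(None, map(parse_reject, lines)):
        by_rule[(rec["stage"], rec["rule"])] += 1
        by_ip[rec["ip"]] += 1
        no_envelope += rec["to"] is None
    return by_rule, by_ip, no_envelope

if __name__ == "__main__":
    by_rule, by_ip, no_envelope = summarize(SAMPLE_LOG.splitlines())
    for key, n in by_rule.most_common():
        print(n, *key)
    print("top clients:", by_ip.most_common(3), "| no envelope:", no_envelope)
```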
