Moving black hole test to Postfix
glenn.steen at gmail.com
Mon Apr 7 09:04:59 IST 2008
On 07/04/2008, Hugo van der Kooij <hvdkooij at vanderkooij.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> steinmb wrote:
> | Hi
> | Have been thinking about moving some of the blackhole testing to Postfix
> | (SMTP level). In my head this is cheaper? My mail server is old so less
> | scanning Mailscanner have to do the better.
> | In /etc/postfix I changed smtpd_recipient_restrictions to:
> | smtpd_recipient_restrictions = permit_sasl_authenticated,
> | permit_mynetworks, reject_unauth_destination,
> | reject_unknown_recipient_domain, reject_unverified_recip
> | ient, reject_rbl_client zen.spamhaus.org, reject_rbl_client
> | reject_rbl_client autoblock.dnsbl
> | Now what? Do I remove those I run on SMTP level from my
> | /etc/Mailscanner/spam.lists.conf ? Doing those checks
> twice makes no
> | In spam.lists.conf I find lines like:
> | spamhaus.org sbl.spamhaus.org.
> | spamhaus-XBL xbl.spamhaus.org.
> | spamhaus-PBL pbl.spamhaus.org.
> | spamhaus-ZEN zen.spamhaus.org.
> | SBL+XBL sbl-xbl.spamhaus.org.
> Keep in mind that SA runs them on all the Received: headers. So your
> contact might be clean but it may have received them from a system that
> is on every known list. You might want to take that into account handing
> out points.
... Which is good for SA, but ... Stein is looking at MS...:-).
One shouldn't touch spam.lists.conf, only the Spam Lists settings in
MailScanner.conf ... And of course, Stein, don't include the lists you
have in PF in MS.
As Hugo says, the ones that get past the initial check can benefit
from getting checked in SA, so let that be as is for a while. And
monitor your logs.
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
More information about the MailScanner