Moving black hole test to Postfix
Steve Freegard
steve.freegard at fsl.com
Mon Apr 7 09:13:35 IST 2008
Hi Stein,
steinmb wrote:
> Hi
> Have been thinking about moving some of the blackhole testing to Postfix
> (SMTP level). In my head this is cheaper? My mail server is old so less
> scanning Mailscanner have to do the better.
>
> In /etc/postfix I changed smtpd_recipient_restrictions to:
>
> smtpd_recipient_restrictions = permit_sasl_authenticated,
> permit_mynetworks, reject_unauth_destination,
> reject_unknown_recipient_domain, reject_unverified_recip
> ient, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net,
> reject_rbl_client autoblock.dnsbl
Looks good to my novice Postfix eyes.
> Now what? Do I remove those I run on SMTP level from my
> /etc/Mailscanner/spam.lists.conf ? Doing those checks twice makes no sense.
> In spam.lists.conf I find lines like:
>
> spamhaus.org sbl.spamhaus.org.
> spamhaus-XBL xbl.spamhaus.org.
> spamhaus-PBL pbl.spamhaus.org.
> spamhaus-ZEN zen.spamhaus.org.
> SBL+XBL sbl-xbl.spamhaus.org.
Whoa, yes - you want to remove those. You only ever want to query
Spamhaus *once* as those lines cause each list to be queried around 2-3
times each (which is slow as MailScanner does these sequentially).
For anyone else that has similar in their spam.lists.conf file - you
really want just one entry:
spamhaus-ZEN zen.spamhaus.org
OR (if you don't want to mark dial-up/dynamic + ISP policy listed space
as spam)
spamhaus-SBL+XBL sbl-xbl.spamhaus.org
As the SBL+XBL contains, the SBL and XBL lists (duh!) and Zen includes
SBL+XBL+PBL, so you see that querying the lists separately just wastes
time and packets.
Cheers,
Steve.
More information about the MailScanner
mailing list