Moving black hole test to Postfix

Steve Freegard steve.freegard at
Mon Apr 7 09:13:35 IST 2008

Hi Stein,

steinmb wrote:
> Hi
> Have been thinking about moving some of the blackhole testing to Postfix
> (SMTP level). In my head this is cheaper? My mail server is old so less
> scanning Mailscanner have to do the better.
> In /etc/postfix I changed smtpd_recipient_restrictions to:
> smtpd_recipient_restrictions = permit_sasl_authenticated,
> permit_mynetworks, reject_unauth_destination,
> reject_unknown_recipient_domain, reject_unverified_recip
> ient, reject_rbl_client, reject_rbl_client,
> reject_rbl_client autoblock.dnsbl

Looks good to my novice Postfix eyes.

> Now what? Do I remove those I run on SMTP level from my
> /etc/Mailscanner/spam.lists.conf ? Doing those checks twice makes no sense.
> In spam.lists.conf I find lines like:
> spamhaus-XBL          
> spamhaus-PBL          
> spamhaus-ZEN          
> SBL+XBL               

Whoa, yes - you want to remove those.  You only ever want to query 
Spamhaus *once* as those lines cause each list to be queried around 2-3 
times each (which is slow as MailScanner does these sequentially).

For anyone else that has similar in their spam.lists.conf file - you 
really want just one entry:


OR (if you don't want to mark dial-up/dynamic + ISP policy listed space 
as spam)


As the SBL+XBL contains, the SBL and XBL lists (duh!) and Zen includes 
SBL+XBL+PBL, so you see that querying the lists separately just wastes 
time and packets.


More information about the MailScanner mailing list