On Tue, Feb 20, 2007 at 10:01:30PM -0500, Francisco Reyes wrote:
> Performance wise would it make sense to leave in postfix any RBLS that one
> uses
> as a single point of rejection?
Depends.
With a DNS cache which caches negative responses too, yes.
> In other words if I use zen.spamhaus.org to block any email listed in it, and
> I
> set the level high enough in policyd-weight to reject mails by been in that
> one
> RBL, would it be faster to have the RBL in postfix?
I cannot make a statement because I haven't compared it, but I'd guess: yes.
Also, you should ask yourself whether you would use dynablock.njabl.org for
outright blocking (this is a DUL list (dial up)), and included into zen.
Basically you give the decision to accept DynDNS MX users away to their
ISP.
> Along the same lines.. does policyd-weight stops the second it sees that the
> email RBL score hit the MAXDNSBLSCORE or does it continue to do additional
> tests?
$MAXDNSBLHITS = 2; # If Client IP is listed in MORE
# DNSBLS than this var, it gets
# REJECTed immediately
$MAXDNSBLSCORE = 8; # alternatively, if the score of
# DNSBLs is ABOVE this
# level, reject immediately
"immediately" is what you are looking for, yes.
> Which makes me wonder.. are the RBL tests done first or after the other
> tests?
In the order as they appear in the logging string.
RBLs are done first, RHSBL are done last, and only if the REJECTLEVEL has not
been exceeded.
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
____________________________________________________________
Policyd-weight Mailinglist - http://www.policyd-weight.org/
