On Tue, Feb 20, 2007 at 10:01:30PM -0500, Francisco Reyes wrote: > Performance wise would it make sense to leave in postfix any RBLS that one > uses > as a single point of rejection?
Depends. With a DNS cache which caches negative responses too, yes. > In other words if I use zen.spamhaus.org to block any email listed in it, and > I > set the level high enough in policyd-weight to reject mails by been in that > one > RBL, would it be faster to have the RBL in postfix? I cannot make a statement because I haven't compared it, but I'd guess: yes. Also, you should ask yourself whether you would use dynablock.njabl.org for outright blocking (this is a DUL list (dial up)), and included into zen. Basically you give the decision to accept DynDNS MX users away to their ISP. > Along the same lines.. does policyd-weight stops the second it sees that the > email RBL score hit the MAXDNSBLSCORE or does it continue to do additional > tests? $MAXDNSBLHITS = 2; # If Client IP is listed in MORE # DNSBLS than this var, it gets # REJECTed immediately $MAXDNSBLSCORE = 8; # alternatively, if the score of # DNSBLs is ABOVE this # level, reject immediately "immediately" is what you are looking for, yes. > Which makes me wonder.. are the RBL tests done first or after the other > tests? In the order as they appear in the logging string. RBLs are done first, RHSBL are done last, and only if the REJECTLEVEL has not been exceeded. -- Robert Felber (PGP: 896CF30B) Munich, Germany ____________________________________________________________ Policyd-weight Mailinglist - http://www.policyd-weight.org/