On 7/09/24 22:23, Gilgongo via Postfix-users wrote:
I see, thanks. Assuming for a moment that resources for the SA checks
weren't an issue,
Resources are always an issue, you may think you don't get that much
mail but spam can come in heavy waves and postscreen can do a good job
of blocking it without bogging the rest of the system down.
SpamAssassin can back up the system considerably if a massive wave of
spam hits.
if I had this for postscreen to help with
occasional pregreet issues, then rely on Spamassassin for all other
checks, would that work?
postscreen_dnsbl_threshold = 0
This should never be set to zero, it can cause postscreen to block
nearly everything!
postscreen_dnsbl_allowlist_threshold = -1
postscreen_dnsbl_sites = list.dnswl.org
<http://list.dnswl.org>=127.0.[0..255].[2..3]*-2
This would allow listed clients to skip any other postscreen tests.
That assumes, of course, that you're enabling those other tests to begin
with, otherwise it does no good to skip a test that is not enabled anyways.
I take it from what you say though that it's not a common configuration
(and assuming all the pregreet checks are turned on). It's just that I'm
toying with the idea of giving our users (who are mostly pretty savvy)
control over their own Spamassassin user_prefs files :)
That's all well and good, but it's not a bad thing to block additional
spam first if you can be reasonably certain that it actually is going to
be spam.
Peter
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
