On 19.10.2025 10:53, Ralph Seichter via Postfix-users wrote:
As mail admins know, DNS blocklists can vary in quality/usefulness over
time. New ones appear, others become defunct, and keeping local settings
relevant requires some work.
In the wake of a recent server migration I think it's time to revisit my
own settings. Hopefully some of this mailing list's subscribers are
willing to share their Postscreen config (postscreen_dnsbl_sites in
particular) and their reasoning behind it?
For reference, here are some of the services I have tried over time. The
Sorting is alphabetical and not meant to imply any order of preference
on my end:
${my_dqs_key}.zen.dq.spamhaus.net
b.barracudacentral.org
bl.mailspike.net
bl.nszones.com
bl.spamcop.net
bl.spameatingmonkey.net
dnsbl-1.uceprotect.net
dnsbl-2.uceprotect.net
dnsrbl.swinog.ch
hostkarma.junkemailfilter.com
ips.backscatterer.org
ips.whitelisted.org
list.dnswl.org
psbl.surriel.com
score.senderscore.com
wl.mailspike.net
I am curious which services you guys recommend for non-commercial, low
volume[1] use. A local, caching nameserver (Unbound) is already in
place, as is Postfix 3.10.4.
-Ralph
[1] As in: Messages are counted at X per minute, not Y per second.
Hi Ralph,
I had some problems with bl.spameatingmonkey.net, with too many false
positives for legitimate addresses. What I use in decreasing order is:
- zen.spamhaus.org
- b.barracudacentral.org
- bl.spamcop.net
It seems sufficient enough, no use to involve too many. You cannot
however, guard against everything. Botnets where the infected PCs have
got dynamic addresses, often need amavisd with spamassassin, or rspamd,
plus a strong antivirus scanner. The traffic volume goes down
significantly after work hours, which indicates that the hijacked PCs
are part of businesses with work hours (the PCs are turned off).
Best regards,
Peter
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
