On Sun, Apr 18, 2010 at 10:38:46PM -0500, Noel Jones wrote:
> On 4/18/2010 9:56 PM, /dev/rob0 wrote:
>>
>>> reject_unauth_pipelining,
>>
>> Might catch some zombies.
>
> Note that with older postfix (postfix < 2.6 IIRC)
> reject_unauth_pipelining must be used in smtpd_data_restrictions
> to be effective. It won't break anything in
> smtpd_recipient_restrictions, but it won't block anything either.
Oops. You caught me on that once before, telling someone it would
*not* work in smtpd_recipient_restrictions, and now here, forgetting
to mention that in this case, it won't. :)
>>> reject_maps_rbl,
>>
>> Old syntax, could be good or could be disastrous. Switch to the
>> "new" syntax (new since Postfix 2.0 IIRC) of "reject_rbl_client
>> zone.name".
>
> Using the old syntax is harmless[1] and still works; the new syntax
> was introduced for more flexibility.
>
> [1] harmless until some undefined point in the future when it's
> removed and no longer recognized.
The possible disaster to which I was referring was the case in which
one of the listed DNSBL operators decides to list the whole Internet,
some time after having retired the DNSBL. The point being, we don't
have any way to know from reading his post.
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
