Postscreen is a single Postfix 2.8 daemon that keeps spambots away
from Postfix SMTP server processes, so that more Postfix server
resources remain available for handling mail. It will hopefully
become part of the next stable Postfix release.

Below is a quote from the release notes about new filter and weight
support for postscreen DNSBL lookup results. This was released
earlier as a non-production snapshot. It has held up well, and after
some polishing of documentation and comments, it should be ready.

Next steps are a) support for different expiration times for
different tests, b) a dummy SMTP engine (similar to the smtp-sink
test program) to log the client/helo/sender/recipient for blocked
mail, and c) a simple form of greylisting if time permits.

        Wietse

Incompatibility with snapshot 20100830
======================================

Use "postfix reload" after installing this code, otherwise the
dnsblog(8) daemon may complain.  The postscreen-to-dnsblog protocol
had to be changed to support DNSBL query result filters.

Major changes with snapshot 20100830
====================================

Postscreen DNSBL support is extended with optional fixed-string
filters, with optional integral weight factors, and with an adjustable
threshold to block SMTP clients with DNSBL score >= that threshold.
Support for wild-card patterns will be added later.

The updated postscreen configuration syntax is:

    postscreen_dnsbl_sites = domain[=ipaddr][*weight] ...
    postscreen_dnsbl_threshold = score

Elements inside [] are optional, ipaddr is an IPv4 address, and
weight and score are integral numbers. The [] are not part of the
postscreen_dnsbl_sites input.  By default, weight and score are
equal to 1, and entries without a filter will match any non-error
DNSBL reply.  Use a negative weight value for whitelisting.

Examples:

To use example.com as a high-confidence blocklist, and to block
mail with example.net and example.org only when both agree, use:

    postscreen_dnsbl_threshold = 2
    postscreen_dnsbl_sites = example.com*2, example.net, example.org

To filter only DNSBL replies containing 127.0.0.4, use:

    postscreen_dnsbl_sites = example.com=127.0.0.4

See also postconf(5) for the fine details.

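The scoring rules quoted above, as an added Python sketch that is not Postfix code: it parses the `domain[=ipaddr][*weight]` syntax and sums the weights of matching entries against the threshold. The names `parse_sites`, `dnsbl_score` and `blocked` are hypothetical, and the `replies` mapping (domain to the IPv4 addresses returned, empty for an error or no listing) is a constructed stand-in for real DNSBL lookups.

```python
import ipaddress
import re
from typing import NamedTuple, Optional

class Site(NamedTuple):
    domain: str
    addr: Optional[str]  # fixed-string filter; None matches any non-error reply
    weight: int          # negative values act as whitelist weights

# domain[=ipaddr][*weight]; the [] are not part of the input.
_ENTRY = re.compile(
    r"^(?P<domain>[^=*\s]+)(?:=(?P<addr>[^*\s]+))?(?:\*(?P<weight>-?\d+))?$")

def parse_sites(value):
    """Parse a postscreen_dnsbl_sites value into a list of Site entries."""
    sites = []
    for entry in re.split(r"[,\s]+", value.strip()):
        if not entry:
            continue
        m = _ENTRY.match(entry)
        if m is None:
            raise ValueError(f"bad postscreen_dnsbl_sites entry: {entry!r}")
        addr = m["addr"]
        if addr is not None:
            # Only fixed IPv4 strings are supported; this rejects anything else.
            addr = str(ipaddress.IPv4Address(addr))
        sites.append(Site(m["domain"], addr, int(m["weight"] or 1)))
    return sites

def dnsbl_score(sites, replies):
    """Sum the weights of all entries whose DNSBL reply matches."""
    score = 0
    for site in sites:
        answers = replies.get(site.domain, ())
        hit = bool(answers) if site.addr is None else site.addr in answers
        if hit:
            score += site.weight
    return score

def blocked(sites, replies, threshold=1):
    """Block when the combined DNSBL score is >= the threshold."""
    return dnsbl_score(sites, replies) >= threshold

if __name__ == "__main__":
    sites = parse_sites("example.com*2, example.net, example.org")
    # Constructed replies: only example.net lists the client.
    print(blocked(sites, {"example.net": ["127.0.0.2"]}, threshold=2))
```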