On 5/22/2013 10:02 AM, Noel Jones wrote: ... > Secondly, remember postscreen is intended as a quick-and-simple > zombie killer, its only purpose is to reduce the workload on the > more complex filters further downstream.
This fact is not emphasized often enough. Many people forget the intended purpose of postscreen, or simply never read the opening of the docs, and falsely see it as a replacement for smtpd_foo_restricions, policy daemons, firewalls, etc. This is a direct result of the feature creep late in the development of postscreen. While the added features are beneficial to some, they are not a replacement for most of the existing antispam features of Postfix and popular addons. In fact, for low volume servers, using postscreen can be more trouble than it's worth according to many posts here, especially if 'after 220' tests are enabled without fully understanding the ramifications. I've personally never configured postscreen. Why? 1. My servers are low volume 2. I've never had problems with bots eating up smtpds 3. I reject in smtpd w/3 dnsbls and 3 rhsbls and this has worked great I'll make an educated guess that many folks here have configured postscreen simply because it was/is "the new thing", without considering whether they -needed- it or not. Many have run into the same address based whitelisting problem mentioned here, and either ditched postscreen, or spent hours/days trying to tweak it just right. My advice is to avoid postscreen unless bots are eating up your smtpds. If they're not, and your current setup works well, you gain little, or nothing, by using postscreen, but for headaches integrating it. -- Stan
