On Mon, Nov 23, 2015 at 1:03 PM, Noel Jones <njo...@megan.vbhcs.org> wrote:
> > Maintaining a local postscreen whitelist of well-known providers is > largely obsolete. > > http://www.postfix.org/postconf.5.html#postscreen_dnsbl_whitelist_threshold > http://www.postfix.org/postconf.5.html#postscreen_dnsbl_sites > > a minimal main.cf example would be something like: > postscreen_dnsbl_sites = zen.spamhaus.org*1 list.dnswl.org*-1 > postscreen_dnsbl_whitelist_threshold = -1 Hi, Noel. Thanks for your input (it's always appreciated). I do use both of those directives in my main.cf, after the postscreen_access_list. Here's what I'm currently running: # POSTSCREEN OPTIONS v2015-06-02 postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr, cidr:/etc/postfix/gmail_whitelist.cidr, cidr:/etc/postfix/msft_whitelist.cidr, hash:/etc/postfix/postscreen_whitelist postscreen_blacklist_action = drop postscreen_dnsbl_action = enforce postscreen_greet_action = enforce postscreen_dnsbl_threshold = 3 postscreen_dnsbl_whitelist_threshold = -4 postscreen_dnsbl_sites = zen.spamhaus.org*3 bl.mailspike.net*2 b.barracudacentral.org*2 bl.spameatingmonkey.net bl.spamcop.net dnsbl.sorbs.net psbl.surriel.com swl.spamhaus.org*-4 list.dnswl.org=127.[0..255].[0..255].0*-2 list.dnswl.org=127.[0..255].[0..255].1*-3 list.dnswl.org=127.[0..255].[0..255].[2..255]*-4 wl.mailspike.net=127.0.0.[17;18]*-1 wl.mailspike.net=127.0.0.[19;20]*-2