On Tue, Apr 12, 2016 at 4:30 AM, @lbutlr <krem...@kreme.com> wrote: > > > On Apr 10, 2016, at 5:37 PM, Curtis Villamizar <cur...@orleans.occnc.com> > wrote: > > > > In message <b1132232-5b45-4a7b-8fb8-f240cea1f...@kreme.com> > > "@lbutlr" writes: > >> > >> On Apr 10, 2016, at 10:24 AM, Curtis Villamizar = > >> <cur...@orleans.occnc.com> wrote: > >>> postscreen_dnsbl_sites =3D > >>> list.dnswl.org*-5 > >>> # followed by some blacklist sites > >> > >> It was my understanding that eh the order of test said not matter > >> because all the dnsbls listed would be checked, a final score > >> computed, and then that compound number passed along to postscreen. > > > > Nobody ever said there was an order dependence. > > “Followed by” does imply that order may be significant. > > > > > btw- I don't think list.dnswl.org is a viable workaround for the post > > 220 problem. This just affects the dnsbl score which would already be > > zero. The post 220 checks would still be run before putting the gmail > > server IP into the temporary whitelist. Manual maintenance of > > postscreen_access is the only thing that would work. > > Isn’t it that if an IP hasn’t been seen and scores 0 postscreeen sends a > temporary failure, so scoring it negative means it gets an immediate pass? > > I know that enabling post screen and dnswl stopped the issues with large > mailers on my system.
Curtis: +1 to the suggestion of properly using dnswl.org. But if you'd also like to automatically scan the SPF records of mailers you trust (including Gmail) and build an up-to-date Postscreen whitelist based on their published SMTP servers, then Postwhite maybe of interest to you: http://www.stevejenkins.com/blog/2015/11/postscreen-whitelisting-smtp-outbound-ip-addresses-large-webmail-providers/ SteveJ
