On 2018-03-02 12:09, MRob wrote: > Asking for opinions about postwhite. > https://github.com/stevejenkins/postwhite > > Below is the default whitelist domains. It's nice idea, but what about > the time when spammers got hold of 10.000 hotmail accounts? > > OTOH this is only for postscreen and not whitelisted your antispam > engine so seems like a good idea. Really like to know arguments > against using this, please speak up. > > > > webmail_hosts="aol.com google.com microsoft.com outlook.com > hotmail.com gmx.com icloud.com mail.com inbox.com zoho.com > fastmail.com" > > social_hosts="facebook.com facebookmail.com twitter.com pinterest.com > instagram.com tumblr.com reddit.com linkedin.com" > > commerce_hosts="craigslist.org amazon.com ebay.com paypal.com" > > bulk_hosts="sendgrid.com sendgrid.net mailchimp.com exacttarget.com > cust-spf.exacttarget.com constantcontact.com icontact.com mailgun.com > fishbowl.com fbmta.com mailjet.com sparkpost.com sparkpostmail.com" > > misc_hosts="zendesk.com github.com"
Hi, Can't really say anything against using postwhite. So these are my experienses: I have started using it some time ago. I have noticed that some provides use some kind of SPF rotation daily (???) and rotate between IPv6 subnets. So it is important to run it periodically to update the file. It might be good to implement rounding to the nearest /64 or even /56 for efficiency, but I didn't have a chance to look into that. Other than that, I am using the generated list to whitelist postscreen and some custom filtering that forces greylisting and honeypot checks as well. My main observation is that senders included in the default list you posted will pass postscreen anyway and additional benefit is to exclude them from RBL checks because vast majority of users would like to still allow them, even if they hit some RBLs from time to time. The additional benefit is huge saving on DNS queries and (for me) avoiding greylisting if some otherwise good server finds it's way to RBL. I also added some hosts to my list from banks, Amazon SES etc. I have about 800 lines in the generated file, which is reasonable. I have about 60-75% passing connections whitelisted now. Karol -- Karol Augustin ka...@augustin.pl http://karolaugustin.pl/ +353 85 775 5312
