On 24/09/2019 12:08, Wietse Venema wrote:
> Dominic Raferd:
>> On Tue, 24 Sep 2019 at 11:31, Matus UHLAR - fantomas <uh...@fantomas.sk>
>> wrote:
>>
>>> On 24.09.19 12:11, Paul van der Vlis wrote:
>>>> I am using now much of your setting and it seems to help. Thanks a lot!
>>>
>>> I would just like to note that all those reject_rbl_client directives are
>>> prone to errors when any of those blacklist fails.
>>
>>
>> An occasional individual blacklist lookup failure is not a problem, and is
>> rare (except for b.barracudacentral.org). I have not felt the need for
>> postscreen but of course it is a good tool: I prefer to block by ip last
>> and to log helo, envelope sender & recipient as well as client ip. This
>> puts a little more load on the server, but information is power.
>
> Postscreen logs the helo, sender, recipient, client IP address
> and client port when it rejects a connection.
>
> Wietse
>
In postscreen I use two access control lists - the first accepts known good mail
servers; the second rejects entire "problem" countries - in my case China,
North Korea, Brazil, and Eastern Europe. The country list is recompiled every
week, and the data comes from www.ipdeny.com.
In postfix, messages to a mailing-list identity are refused if they DON'T come
from the list-server (or a few whitelisted individuals). Senders see a polite
message to contact me on-list.
Allen C
