On 18/03/2021 22:34, Antonio Leding wrote: > Hello all, > > > 1. Where to place IPBL\DNSBL rules > > * Because the result of a hit against an IPBL\DNSBL is to REJECT, does it > make > sense to place these kind of rules earlier in the SMTPD_RESTRICTIONS eval > chain (i.e. CLIENT) rather than later (i.e. RECIPIENT) as shown in the > /Getting selective with SMTP access restriction lists/ section of the > SMTPD_ACCESS_README document. >
Traditionally, processor-intensive tests (such as DNSBL look-ups) are placed later in the test sequence, so that if a "quick and cheap" test rejects, you don't have to bother with an "expensive" test. > 2. Making hits against an IPBL\DNSBL advisory > The Postscreen front-end to Postfix gives DNSBLs a "score", so that less reliable lists become less important in the accept/reject process. Spam-assassin (and other add-ons) can also do this. Quite apart from the above, Postscreen is VERY effective in detecting compromised PCs sending junk emails. I commend it to your attention. Hope this helps Allen C
