At one time I tried to "do it all" in Postfix. It's all or nothing binary operation of its Spam rules drove me to find another solution to Spam; SpamAssassin. Now a triggered rule only adds to a Spamminess value, and won't kill the message. I ultimately took almost all the rules out of Postfix because I couldn't keep up with the false positives they created.
All the FQDN, MX, an A record checks were removed due to false positives... The check_* restrictions implement white and black listing. smtpd_recipient_restrictions = check_recipient_access hash:$config_directory/smtpd-recipient-checks, permit_mynetworks, reject_invalid_hostname, reject_unauth_destination, check_recipient_access regexp:$config_directory/smtpd-recipient-checks.rx, check_sender_access hash:$config_directory/smtpd-sender-checks, check_sender_access regexp:$config_directory/smtpd-sender-checks.rx, check_client_access hash:$config_directory/smtpd-client-checks, check_helo_access hash:$config_directory/smtpd-helo-checks, reject_unknown_recipient_domain smtpd_data_restrictions = reject_unauth_pipelining <<Dan>> > -----Original Message----- > From: Menno van Bennekom [mailto:[EMAIL PROTECTED] > Sent: Tuesday, December 07, 2004 5:45 AM > To: users@spamassassin.apache.org > Cc: David Newman > Subject: SA vs. postfix main.cf > > >We run postfix 2.1.5_1,1 on FreeBSD 5.2.1, and use some RBL lists: > >smtpd_recipient_restrictions = > >... > > reject_rbl_client opm.blitzed.org, > > reject_rbl_client list.dsbl.org, > > reject_rbl_client proxies.relays.monkeys.com, > > reject_rbl_client relays.ordb.org, > > reject_rbl_client bl.spamcop.net, > > reject_rbl_client sbl.spamhaus.org > >We are seeing cases where mail is rejected because of the > RBL lists, > >even when a sender is whitelisted in a recipient's SA > user_prefs file. > >Is there any way to reverse the order of operations so that postfix > >doesn't check with the RBL list when SA says a sender is OK? > > You can't reverse the checks, but you can whitelist > addresses in Postfix. > I use the check_client_access to allow certain domains/ips > to send mail although they appear in RBL's. Just put them in > the access-file with 'OK' > on the end of the line. You can do the same with check_sender_access. > And make sure this check is done before the RBL checks, like: > smtpd_recipient_restrictions = reject_non_fqdn_sender, > reject_non_fqdn_recipient, > permit_mynetworks, > reject_unauth_destination, > check_client_access hash:/etc/postfix/client_access, > check_helo_access hash:/etc/postfix/helo_access, > check_sender_access hash:/etc/postfix/sender_access, > reject_rbl_client dynablock.njabl.org, > reject_rbl_client dul.dnsbl.sorbs.net, > reject_rbl_client cbl.abuseat.org > > Regards > Menno van Bennekom > >