I think what Noel is referring to is Postfix configuration like this for
example:
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client
zen.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org,
reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender
dbl.spamhaus.org, reject_non_fqdn_recipient, reject_unknown_recipient_domain
Notice the spamhaus links for different blocklist settings.
On 13/08/2022 15:38, joe a wrote:
On 8/12/2022 11:43 PM, Noel Butler wrote:
Why are you not blocking with blacklists at the border, ie: MTA.
I'm not familiar with how to do that or if it can be done. Since SA
offers this functionality, so did not even consider that. I'll look
into it.
Given its 0 resources for your MTA, with anti spam checking on SA
often using significant resources (depending on traffic/number of
tests/rules etc), its best to stop it getting to SA in the first place.
SA also has this by-default list of domains that it never checks, for
along time I have disagreed with this, we are the ones to decide who
gets whitelisted not SA, not some paid third party, the option
clear_uridnsbl_skip_domain however prevents this, but then you have
to locate and 0 all the general rulesets scores that are whitelists
as well.
The configuration/usage of those lists causes me great frustration.
Semi retirement and infrequent "tech stuff" may be partly to blame.