On 24/09/2019 12:08, Wietse Venema wrote:
> Dominic Raferd:
>> On Tue, 24 Sep 2019 at 11:31, Matus UHLAR - fantomas
>> wrote:
>>
>>> On 24.09.19 12:11, Paul van der Vlis wrote:
>>>> I am using now much of your setting and it seems to help. Thanks a lot!
>>>
>>> I would just like to note that all those reject_rbl_client directives are
>>> prone to errors when any of those blacklist fails.
>>
>>
>> An occasional individual blacklist lookup failure is not a problem, and is
>> rare (except for b.barracudacentral.org). I have not felt the need for
>> postscreen but of course it is a good tool: I prefer to block by ip last
>> and to log helo, envelope sender & recipient as well as client ip. This
>> puts a little more load on the server, but information is power.
>
> Postscreen logs the helo, sender, recipient, client IP address
> and client port when it rejects a connection.
>
> Wietse
>

In postscreen I use two access control lists - the first accepts known
good mail servers; the second rejects entire "problem" countries - in my
case China, North Korea, Brazil, and Eastern Europe. The country list is
recompiled every week, and the data comes from www.ipdeny.com.

In postfix, messages to a mailing-list identity are refused if they
DON'T come from the list-server (or a few whitelisted individuals).
Senders see a polite message to contact me on-list.

Allen C
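
The weekly rebuild of the country reject list described in the message above could look like the following. This is an added example, not the poster's script: it assumes the downloaded zone files hold one CIDR per line, the labels "xx"/"yy" and all addresses are constructed (documentation ranges), and the function names are hypothetical. Because postscreen_access_list stops at the first match, it also reports allow-listed servers that sit inside a rejected range, which only stay reachable while the allow table is listed first.

```python
import ipaddress

# Constructed sample input: two zone files and one known-good mail server.
ZONES = {
    "xx": "192.0.2.0/25\n192.0.2.128/25\n# comment line\n",
    "yy": "198.51.100.0/24\n203.0.113.7/24\nnot-a-cidr\n",
}
ALLOW = [ipaddress.ip_network("198.51.100.25/32")]

def parse_zone(text):
    """Parse one zone file; return (networks, rejected_lines)."""
    nets, bad = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=True refuses entries with host bits set (likely corrupt data)
            nets.append(ipaddress.ip_network(line, strict=True))
        except ValueError:
            bad.append(line)
    return nets, bad

def build_reject_table(zones):
    """Merge all zones into 'CIDR<TAB>reject' lines for a Postfix cidr: table."""
    v4, v6, bad = [], [], []
    for label, text in sorted(zones.items()):
        nets, errs = parse_zone(text)
        bad += [f"{label}: {e}" for e in errs]
        for n in nets:
            (v4 if n.version == 4 else v6).append(n)
    # collapse_addresses needs a single IP version per call
    merged = list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))
    return [f"{n}\treject" for n in merged], bad

def shadowed_allow(allow, table_lines):
    """Allow-listed networks that a reject entry would also match."""
    rejects = [ipaddress.ip_network(l.split()[0]) for l in table_lines]
    return [a for a in allow
            if any(a.version == r.version and a.subnet_of(r) for r in rejects)]

if __name__ == "__main__":
    table, bad = build_reject_table(ZONES)
    print("\n".join(table))
    print("skipped:", bad)
    print("needs allow table first:", shadowed_allow(ALLOW, table))
```

Writing the table to a temporary file and renaming it into place only when the skipped list is empty keeps a bad download from replacing a working list.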