292827Re: [feature request] Subzero postscreen/dnsblog score to bypass after-220 tests?
- Apr 24, 2013Here's a proposed diff for the POSTSCREEN_README:
rob0@harrier:~/stuff/postscreen.dnswl$ diff -Nru POSTSCREEN_README*
--- POSTSCREEN_README 2013-04-12 03:34:16.000000000 +0000
+++ POSTSCREEN_README.new 2013-04-24 21:04:06.155395154 +0000
@@ -245,6 +245,7 @@
* Pregreet test
* DNS White/blacklist test
+ * Skipping other tests for whitelisted clients
* When tests fail before the 220 SMTP server greeting
@@ -315,6 +316,17 @@
the combined DNSBL score is equal to or greater than the threshold. See "When
tests fail before the 220 SMTP server greeting" below.
+Skipping other tests for whitelisted clients
+The postscreen_skip_tests parameter lists the short names of tests which will
+be skipped if a client's combined DNSBL score is less than or equal to
+postscreen_skip_tests_threshold. This only makes sense when using whitelists
+with negative weights in the postscreen_dnsbl_sites list.
+The tests which can be skipped are all but the DNSBL test itself. The default
+is to perform the blacklist and MX policy tests, but skip the greet test and
+all the "deep protocol" tests, described below.
When tests fail before the 220 SMTP server greeting
When the client address matches the permanent blacklist, or when the client
@@ -612,6 +624,7 @@
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_sites = zen.spamhaus.org*2
+ list.dnswl.org*-1 swl.spamhaus.org*-1
Note: if your DNSBL queries have a "secret" in the domain name, you must
censor this information from the postscreen(8) SMTP replies. For example:
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
- << Previous post in topic Next post in topic >>