On Thu, Mar 28, 2013 at 11:15:02AM +0100, Marko Weber | ZBF wrote:
> "The table was created many years ago over an extended period of
That was what Stan said, yes.
> so, its outdated?
Let's scroll down through the mass of quoting over which you
top-posted and see what Stan said about that. (It means I'll have to
fix the rest of the top-posting to get to the rest of your comments,
but have no fear, I will.)
> Am 2013-03-25 20:04, schrieb Stan Hoeppner:
> >The table was created many years ago over an extended period of
Created ... that means it originated many years ago. Postfix was
created many years ago also! So, is Postfix outdated? No, Postfix
isn't outdated. It is actively developed and maintained.
> >time, by staff at a US ISP, composed of fully qualified POSIX
> >regular expressions, some 1400 or so, and used with the Postfix
> >REGEXP facility. When I began maintaining it and offering it
"... maintaining it ..." see? I would think that something which is
maintained generally isn't outdated. Depends how well the maintainer
maintains it, of course.
Back to Marko:
> i think its better to use postscreen and a regular updated file
> like DROP from spamhaus.
> i refresh this DROP every hour. so maybe wrong listed candidates
> are deleted in the refreshed file.
> a static file can only clients "you" want to have block.
> am i right?
Not entirely. Think of Stan's PCRE list as a compact, local version
of Spamhaus PBL. It lists patterns which have been identified in
reverse DNS names for dynamic hosts, which should not be sending
If you are checking PBL, or more likely, Zen (which includes PBL),
you're not likely to benefit much from Stan's PCRE list, except for
those networks which slipped through the PBL cracks. But there too,
you can also use it as a HELO check after postscreen (things that
make you go "hmmm": postscreen is actually a prescreen!)
If postscreen DNSBLs are your only protection, what happens if your
DNS breaks? Spam flood! Here too, Stan's PCRE list can help, again,
at least as a HELO check (client name checks won't fire if DNS is
Consider the "onion" approach, multiple layers of protection. When I
went to postscreen I left all my old spam restrictions alone. On rare
occasions I have seen where they are used.
All that said, I personally have not used Stan's PCRE list, but I've
seen it discussed here and elsewhere for a lot of years. I guess that
means I'm outdated also. ;)
-- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: