- On Thu, Mar 28, 2013 at 11:15:02AM +0100, Marko Weber | ZBF wrote:
> "The table was created many years ago over an extended period ofThat was what Stan said, yes.
> so, its outdated?Let's scroll down through the mass of quoting over which you
top-posted and see what Stan said about that. (It means I'll have to
fix the rest of the top-posting to get to the rest of your comments,
but have no fear, I will.)
> Am 2013-03-25 20:04, schrieb Stan Hoeppner:Created ... that means it originated many years ago. Postfix was
> >The table was created many years ago over an extended period of
created many years ago also! So, is Postfix outdated? No, Postfix
isn't outdated. It is actively developed and maintained.
> >time, by staff at a US ISP, composed of fully qualified POSIX"... maintaining it ..." see? I would think that something which is
> >regular expressions, some 1400 or so, and used with the Postfix
> >REGEXP facility. When I began maintaining it and offering it
maintained generally isn't outdated. Depends how well the maintainer
maintains it, of course.
Back to Marko:
> i think its better to use postscreen and a regular updated fileNot entirely. Think of Stan's PCRE list as a compact, local version
> like DROP from spamhaus.
> i refresh this DROP every hour. so maybe wrong listed candidates
> are deleted in the refreshed file.
> a static file can only clients "you" want to have block.
> am i right?
of Spamhaus PBL. It lists patterns which have been identified in
reverse DNS names for dynamic hosts, which should not be sending
If you are checking PBL, or more likely, Zen (which includes PBL),
you're not likely to benefit much from Stan's PCRE list, except for
those networks which slipped through the PBL cracks. But there too,
you can also use it as a HELO check after postscreen (things that
make you go "hmmm": postscreen is actually a prescreen!)
If postscreen DNSBLs are your only protection, what happens if your
DNS breaks? Spam flood! Here too, Stan's PCRE list can help, again,
at least as a HELO check (client name checks won't fire if DNS is
Consider the "onion" approach, multiple layers of protection. When I
went to postscreen I left all my old spam restrictions alone. On rare
occasions I have seen where they are used.
All that said, I personally have not used Stan's PCRE list, but I've
seen it discussed here and elsewhere for a lot of years. I guess that
means I'm outdated also. ;)
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
- On 2013-03-27 23:11, Matthew Hall wrote:
> I ran into a bit of an issue trying out fqrdns.pcre as recommendedadd permit_sasl_authenticated before fqrdns.pcre testing
> here in this thread. The header in the file recommended adding it
> smtpd_client_restrictions. However if I place it there, I end up
> rejecting mail even from SASL authenticated client devices, if they
> also match a rule in fqrdns.pcre.
senders that put my email into body content will deliver it to my own
trashcan, so if you like to get reply, dont do it