Does it make sense to enter the same RBL's in the postfix config under smtpd_recipient_restrictions and also in spamassasin? Would one not be enough?
Thanks!
Does it make sense to enter the same RBL's in the postfix config under smtpd_recipient_restrictions and also in spamassasin? Would one not be enough?
Thanks!
If you use the RBLs to block mails directly using smtpd_recipient_restrictions = ... reject_rbl_client ...
the mails are blocked if the sender is on one of the lists. So, such a mail would never get to spamassasin either.
One possibility is to use postscreen, which is a service in front of postfix (not a real SMTP-Daemon) that sorts out the obvious spammers from the incoming connections by using some basic rules and simple checks. If a mail passes all, then the smtp-connection is passed to postfix's smtpd.
And postscreen is now capable of weighting the Blocklists and can trigger if a value is exceeded. An example from postconf.5.html#postscreen_dnsbl_sites
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_sites = example.com*2, example.net, example.org
I think it is quite obvious how it works, and I suggest to use this feature instead of blocking immediately if the sender is listed on one RBL, as this often leads to false positives. Using this method, the usage of RBLs in spamassisin makes sense, as this software has much more information available to decide if it's spam or not, and RBLs are one possible input.