POSTFIX configuration probably to old example postscreen option missing

3 posts / 0 new
Last post
#1 Mon, 09/30/2019 - 05:15
Jfro

POSTFIX configuration probably to old example postscreen option missing

This mostly better option for rbl dnsbl list is missing in POSTFIX configuration for example .

POSTSCREEN and POSTGREET am i missing some and are those in the GUI configuration ?

http://www.postfix.org/POSTSCREEN_README.html#before_220

http://www.postfix.org/POSTSCREEN_README.html#before_220

For example, the equivalent config of

reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client bl.spamcop.net

in postscreen terms is

postscreen_dnsbl_sites = sbl-xbl.spamhaus.org, bl.spamcop.net
postscreen_dnsbl_action = enforce

Some consideration where you put rbl check, smtpd_*_restriction or postscreen

Postcreen Pros

    Check before any SMTP transaction because the input was only IP address
    Use Caching mechanism when IP address doesn't found in RBL
    Support weighted score for dnsbl site (for example your internal RBL was more trusted than spamhaus RBL, then you can put postscreen_dnsbl_sites = internal.rbl.example.com*3, spamhaus.org)
    Weight can be negative value to get same effect with permit_dnswl_client
Mon, 09/30/2019 - 18:09
noisemarine

Don't forget you can use the Search function below the Webmin tab and about half way down on the Virtualmin tab.

You may have to manually add desired configuration through Webmin -> Servers -> Postfix Mail Server -> Edit Config Files.

Mon, 09/30/2019 - 18:47 (Reply to #2)
Jfro

Yes manual that is then a kind of proof for old GUI. ( i did use manual ofcourse)

While no support in GUI then i think myself for such important better solution for dnsbl_sites should be IN GUI and config there.

The Users that don't know this are missing some that way, while thinking out of GUI gives only reject_rbl_client ip and site options. for SMTP Client Restrictions.

So i gues some kind of update is needed. Also Postfix 3 is upcoming there you have even more newer nicer options.

With newer versions and more / other yes or no better options when having a GUI for users to set those these GUI's should be udpated for those posible...

I know about manual config options and do most/lot of them by that in Virtualmin / webmin.

But a control panel as much users like GUI ( or even don't know howto do set configs manual) should be up to date with that then?

MY intention for my TS is having this known for those who are searching here, and also hoping that such in next of next-next VM updates could become possible.

While POSTFIX is almost everywhere longer i hope > 2.8 version default in centos 7x is 2.10.1 combi Virtualmin .. and even some could have version 3 so overhaul / update needed for those newer versions?

With this as kind of example where also some ssl tls cyphers and other security stuff PCI and and needs a overhaul to, also the Documentation for that.