John Summerfield escribió:
In postfix we are very picky about who we listen to, your IP must resolve, your helo name must resolve, your IP address must not me mentioned in any blocklist we use (spamhaus is the best). Those rules alone block at least half the spam.
My postfix those all the resolve sender MTA, but I'm totally against dnsbl as, for example, my ISP often gets in some of them.
Also, nobody I handle mail for speaks Chinese, Korean, Russian, Spanish or Portugese or expects mail from places where any of those is the primary language. Therefore, when I'm checking my logs and see an attempt to break in using ssh, or send spam I have no hesitation in blocking the entire network as revealed by whois. Mostly, it's a /24 network, but there are one or two /13s.
I would prefer to get 1 or 2 spams (which I don't get with my actual configuration) then lose mail due to very stricy mail policies.
