Weighted DNSBLs with Postfix

For a really long time, I’ve been dreaming about the perfect mailserver setup. It would be almost perfect at telling spam from non-spam; it would include calendaring and a web GUI that actually looked good; it would be fast; it wouldn’t have issues sending mail to various ISPs…

My current — far from perfect — mailserver runs postfix-policyd, but the old version. It has a few features I love. I can easily set up spamtraps, for example, by just adding them to the relevant MySQL table. I have HELO-based restrictions: if you connect and say “HELO n1zyy.com” or “HELO 64.191.108.120” (my hostname or IP), your IP is blacklisted for a few days. If you email a spamtrap, your IP is blocked for a few days. It does greylisting, but I can do it per-mailbox — and even on the fly, it seems.

That’s not quite perfection, though. What I’ve really wanted for a long time is the ability to do weighted DNSBLs. Individually, trusting any DNSBL is bad. Even though most are reputable, if one person says you’re a spammer, that shouldn’t stop you. If multiple people say you’re a spammer, though, block away. Ideally, I’d be able to set per-list scores; if a conservative list says you’re a spammer, that counts a lot more than the lists that list whole netblocks.

policyd-weight turns out to be exactly what I want, and more. As the name implies, it computes a weight based on a variety of factors, looking at DNSBLs (and RHSBLs!) and also the HELO. I think I’m going to toy with this a bit, but it looks promising.

Tangentially, Atmail (@Mail) is the first webmail client I’ve ever seen that actually looks good. And it looks really good. It’s not only closed-source, though, it’s expensive. But it’s still tempting.

Leave a Reply

Your email address will not be published. Required fields are marked *