This thread is quite helpful to better understanding the SpamHaus “open resolver” issue.
Ideally I’d want to solve this without completely disabling all DNSBLs, for instance by making this kind of tweak to /etc/postfix/main.cf:
reject_rbl_client bl.spamcop.net,
reject_rbl_client cbl.abuseat.org,
# Ignore PBL (127.0.0.10-11) and "open resolver" (127.0.0.254) reponses
# https://www.spamhaus.org/faqs/dnsbl-usage#what-do-the-127-return-codes-me>
reject_rbl_client zen.spamhaus.org=127.0.0.[2..9],
YunoHost really doesn’t like manual editing of configuration files, and strongly recommend using the admin interface to tweak settings.
I’d be nice to have more fine-grained control for DNSBL in YunoHost, or a way to tweak/override postfix’s configuration without breaking automatic config generation.
Is this the right place to discuss this? Or should this be raised in a bugtracker?
Cheers