Use external blacklist instead of filtering by IP

[DerDakon]

https://github.com/OpenRailwayMap/server-admin/blob/2dc65f8a9f8bbe37bb73bb7d164ef9ded520a9dc/ansible/roles/mail/tasks/files/postscreen_access.cidr#L3

Doing it that way will be a never ending story. Try this: https://docs.iredmail.org/enable.dnsbl.html

The example blacklists are a good start. I also use http://www.dnsbl.manitu.net/?language=de

[Nakaner]

My personal mailserver users Spamhaus DNSBL (and BIND for local requests in order not to hit the usage limits). However, Spamhaus blocks DNS requests from Hetzner customers (experience as co-operator mail2.fossgis.de).

But you are right, hand-crafted lists cannot be the only solution. I will have a look at the Manitu list.

[DerDakon]

That's not true anymore, my mailserver is also in the Hetzner range and it works for me. It is true that they have blocked it in the past.