On 11/12/18, Tom <tomtux...@gmail.com> wrote: > I mean the other way: > > My feeded RPZ blocks othercompany.com and *.othercompany.com. Therefore > any qtype (MX, A, AAAA...) are blocked for this domain. Is there a way > with BIND just to whitelist the MX for othercompany.com and the > consequent A-Record (ex. mail.othercompany.com) that we are able to send > mail to othercompany.com?
mail.othercompany.com CNAME rpz-passthru. *.othercompany.com CNAME . in your rpz zone file doesn't do what you want? Lee > > > > > On 09.11.18 14:39, Lightner, Jeffrey wrote: >> That wouldn't help you much. Many mail systems these days check not only >> your MX record but also your PTR record to make sure the IP you came from >> has a valid (i.e. not generic) reverse lookup. They'll also check things >> like dkim or spf TXT records. If they don't like what they find they'll >> simply reject email even if you haven't been blacklisted. >> >> In general blacklisting services blacklist specific IPs rather than >> domains anyway. A work around would be to change the outbound IP your >> mail server uses rather than changing other records. Of course you'd have >> to make additional changes for the PTR, A/AAAA and TXT records for the new >> IP you select. >> >> Many blacklisting services have a way to delist yourself. >> >> However, if you don't fix the underlying problem that caused you to be >> blacklisted in the first place any new IP will quickly be blacklisted as >> well and/or delisting yourself a second time is much more difficult. >> >> If you are sending multiple automated emails (e.g. invoices or marketing >> materials) to customers you need to be monitoring for returns and removing >> rejected email addresses from your databases. These often occur because >> the customer no longer has the email address they originally gave you (or >> they had a typo in what they gave you). >> >> -----Original Message----- >> From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of >> Tom >> Sent: Thursday, November 08, 2018 11:49 PM >> To: bind-users@lists.isc.org >> Subject: Re: Rewrite/Override QTYPE with RPZ >> >> Fore example "example.com" and "*.example.com" are blacklisted. I would >> like to return a real ip address for special query types like MX or TXT, >> but not for A or AAAA. >> >> Tom >> >> >> On 08.11.18 16:44, Barry Margolin wrote: >>> In article <mailman.775.1541690246.803.bind-us...@lists.isc.org>, >>> Tom <tomtux...@gmail.com> wrote: >>> >>>> Hi all >>>> Is there a way to override/rewrite QTYPE (ex. MX) with RPZ? If no, is >>>> this planned in future releases of BIND? >>> >>> What would be the point? If a query is for MX, and you return A >>> instead, the client won't be able to do anything with it. >>> >> _______________________________________________ >> Please visit https://lists.isc.org/mailman/listinfo/bind-users to >> unsubscribe from this list >> >> bind-users mailing list >> bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users >> _______________________________________________ >> Please visit https://lists.isc.org/mailman/listinfo/bind-users to >> unsubscribe from this list >> >> bind-users mailing list >> bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users >> > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
