On 03/11/2021 15:20, Bill Cole via mailop wrote:
> On 2021-11-03 at 05:42:36 UTC-0400 (Wed, 3 Nov 2021 10:42:36 +0100) Nicolas JEAN via mailop <nico+mai...@lightmeter.io> is rumored to have said:
>> On 15/10/2021 23:22, Paul Gregg via mailop wrote:
>>> The trick to this is not to limit by IP address - but to implement service (API) keys. e.g. each authorised user is given a key e.g. sj3Fa3Gomd937Z12
>>> Then they make queries for 44.33.22.11.sj3Fa3Gomd937Z12.myserver.example.com.
>>> That way you don't care what IP it comes from, but you know who it is.
>>
>> Nice trick. :)
>> Unfortunately, it seems that it would require modifications to e.g. postfix, or other software, in order to add that identifying string to the DNS query.
>
> Not software modification, just normal configuration.
> In Postfix, postscreen_dnsbl_sites, reject_rbl_client, and every other directive to do DNSBL queries takes arbitrary zone labels as the basis of queries so you can just use secretclientkey.dnsbl.example.com instead of dnsbl.example.com. Postfix also has the ability to customize the error message sent to listed clients so that you do not reveal your client key.

Thanks Paul and Bill, you're right.
So it just amounts to some DNS config, and writing the DNS server software that recognizes and acts upon the given 'secret', then.

Regards, Nico
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
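
The server-side check discussed in the thread, sketched as an added example (not code from any poster or from an existing DNSBL server). It parses a query name of the form `<reversed IP>.<key>.<zone>`, identifies the customer by key and only then answers from the list. The key table, the listed address, the customer name, the `REFUSED` response for unknown keys and the `127.0.0.2` answer value are assumptions made for illustration; keys are matched case-insensitively because DNS names are.

```python
import hmac
import ipaddress

ZONE = "myserver.example.com"  # zone name used in the thread
# Constructed sample data: key -> customer, and the listed addresses.
# Keys are stored lowercase: DNS names compare case-insensitively and
# resolvers may change the case of query labels in transit.
API_KEYS = {"sj3fa3gomd937z12": "customer-a"}
LISTED = {ipaddress.ip_address("11.22.33.44")}


def parse_qname(qname):
    """Split '<d.c.b.a>.<key>.<ZONE>' into (client IP, key); None if malformed."""
    name = qname.rstrip(".").lower()
    suffix = "." + ZONE
    if not name.endswith(suffix):
        return None
    labels = name[:-len(suffix)].split(".")
    if len(labels) != 5:  # four reversed octets plus one key label
        return None
    *octets, key = labels
    try:
        ip = ipaddress.ip_address(".".join(reversed(octets)))
    except ValueError:
        return None
    return ip, key


def lookup_customer(key):
    """Check the key against every stored key in constant time per comparison."""
    owner = None
    for known, customer in API_KEYS.items():
        if hmac.compare_digest(known.encode(), key.encode()):
            owner = customer
    return owner


def answer(qname):
    """Return (rcode, A record or None, customer or None) for one query."""
    parsed = parse_qname(qname)
    if parsed is None:
        return "NXDOMAIN", None, None
    ip, key = parsed
    customer = lookup_customer(key)
    if customer is None:
        return "REFUSED", None, None  # unknown key: give out no listing data
    if ip in LISTED:
        return "NOERROR", "127.0.0.2", customer  # customer is known for accounting
    return "NXDOMAIN", None, customer
```

Because the key travels in the query name, it is visible to every resolver and log on the path, so it identifies a customer rather than protecting a secret channel.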