Jon Ribbens wrote:
> On Thu, Oct 16, 2008 at 04:39:58PM +0200, mouss wrote:
>>> (a) Match an IP address whose reverse DNS matches 'domain.tld'.
>> This can't be trusted. nobody can use this for access control.
>
> Indeed.
>
>>> (c) Match an IP address which is listed as one of the results for an
>>> A-record lookup of 'doman.tld'.
>> You can exclude this by yourself: if I use a pcre (or regexp) map, would
>> postfix try all possible strings that match all the regular expressions,
>> do a DNS lookup until it finds a match???
>
> That argument doesn't follow. This isn't a pcre map, it's a DNS map.

What is a DNS map? There is no such thing in postfix.

>
>> "matches domain.tld", means that the rDNS matches this. and rDNS is only
>> used if it is "forward confirmed".
>
> Thanks.
>
>> choice 1: give all the IPs the same rDNS.
>> choice 2: give each an rDNS in a specific subdomain
>
> It's not under my control, unfortunately I can't do this.
> It appears Postfix is inferior to Exim here :-(
>

Then use exim.

>> choice 3: use a script to generate a cidr map from the zone file, and
>> run the script whenever the zone file is updated.
>
> I suppose I'll have to hack something together, yes.
>

Choice 4: use a policy server or a milter. Then you can implement whatever checks you want.
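
A sketch of choice 4 for check (c), added here as an example and not part of the original message: a Postfix policy-delegation handler that compares client_address with the addresses a name currently resolves to. The allow-listed name, the "OK" action on a match and the helper names are assumptions made for the illustration.

```python
"""Policy-delegation check: permit a client whose address is among the A/AAAA
records of an allow-listed name (added example; names are constructed)."""
import ipaddress
import socket
import sys

ALLOWED_NAMES = ["domain.tld"]  # assumption: name(s) whose addresses are trusted

def resolve(name):
    """Return the set of addresses the name resolves to; empty on DNS failure."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()  # fail closed: no answer means no match
    return {ipaddress.ip_address(i[4][0].split("%")[0]) for i in infos}

def parse_request(lines):
    """Parse the 'name=value' attribute lines of one policy request."""
    attrs = {}
    for line in lines:
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs, resolver=resolve, names=ALLOWED_NAMES):
    """Return OK when client_address is one of the resolved addresses."""
    try:
        client = ipaddress.ip_address(attrs.get("client_address", ""))
    except ValueError:
        return "DUNNO"  # no usable address: leave it to later restrictions
    return "OK" if any(client in resolver(n) for n in names) else "DUNNO"

def main():
    request = []
    for raw in sys.stdin:
        line = raw.rstrip("\n")
        if line:
            request.append(line)
            continue
        # An empty line ends the request; the reply is action=... plus an empty line.
        print(f"action={decide(parse_request(request))}\n", flush=True)
        request = []

if __name__ == "__main__":
    main()
```

The handler speaks the policy protocol on stdin/stdout, so it can be run from spawn(8) and referenced with check_policy_service. A match is only as trustworthy as the DNS answers the resolver returns, and every request triggers a lookup unless the resolver caches.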