Daniel L. Miller:
> Henrik K wrote:
> > On Sun, Jan 17, 2010 at 10:44:48PM -0800, Daniel L. Miller wrote:
> >
> >> Daily scanning of logfiles does not accomplish this. Nor would even an
> >> hourly scan - and constant logfile scanning strikes me as inelegant. If
> >> there is any method currently existing within Postfix to accomplish this
> >> goal please point me at it! If not, I'd like to discuss possible means
> >> and methods for a future implementation.
> >>
> >
> > I've been meaning to make something like this for postfix, your post
> > refreshed me. Amavisd-new penpals is ok (and you can make other custom
> > queries to it's database), but it can't make MTA bypass all the ptr/helo/foo
> > checks. My main problem is all bad SOHO servers etc that get blocked by
> > those.
> >
> > It can be achieved with a simple policy daemon that records all outgoing
> > recipients and/or relays and compares them for incoming messages, possibly
> > adding a header that you can also reuse in SA for scoring.
> >
> I created one - the problem is execution. I took the greylist.pl and
> tweaked it - and it now adds recipient addresses to a database very
> simply. But I only want that to happen with valid senders/clients.
> Placing this policy daemon, which always returns "dunno", in the
> smtpd_recipient_restrictions very simply generates a list of recipients
> - but without any validation. And duplicating validation within this
> daemon strikes me as wasteful.
>
> Ideally, I'd like this daemon called immediately upon successful
> delivery, or at what Postfix determines as "successful delivery" based
> on the remote server response. Without tailing the logfile I don't see
> how else to accomplish it - but I don't LIKE that form of
> implementation. Might be the only way to do it at this time - but
> perhaps having such status messages available might be considered
> sufficiently worthwhile to implement a new feature?
I'm not sure you are solving the right problem. What is the likelihood
that a local user specifies an invalid remote address, and how
problematic is it for your to have a few invalid remote addresses
on your whitelist? If you use a btree or hash database, they won't
slow down the database searches.
Valid addresses don't live forever, either. After some time you
will have to expire unused entries from your database anyway, so
you might just as well live with a minor degree of pollution from
the occasional invalid remote address.
Wietse
