Erik Logtenberg a écrit : >[snip] > Thanks for your reply. I see that I could construct a policy service to > do this, but it seems simpler and much more efficient to let postfix do > this natively. It already has al the DNS-resolving code and whatnot, I > would guess it shouldn't take much more than an extra negation somewhere > to make it permit instead of deny. >
an alternative is to rsync the whitelist (if that's possible) and use it as an access map. This is how I use DNSWL (see www.dnswl.org). > Wietse, is there a reason why you would not want a permit_rbl_client > feature in postfix? If not, then I would like to hereby suggest this > feature request. > If you would approve the feature request but don't have the time and/or > other incentive to implement it, I'd gladly try to submit a patch. One of the design issues is what to do if the whitelist query tempfails? if postfix tempfails, then you defer all mail (or a large part). if you pass, then you get "non deterministic" behaviour. if a permit_rbl_... is accepted, I'd rather go for a check_dnsbl_client, allowing one to return restriction classes/PREPEND/... (that said, the design is even more problematic).
