On 3/15/2010 3:16 PM, mouss wrote:
One of the design issues is what to do if the whitelist query tempfails? if postfix tempfails, then you defer all mail (or a large part). if you pass, then you get "non deterministic" behaviour.
When a DNS blacklist lookup fails, the worst that can happen is unwanted mail is accepted. Since you accept unwanted mail anyway, this isn't a real big problem. So with a blacklist failures it's acceptable to "log warning and continue".
When a DNS whitelist fails, the worst that can happen is that mail that should be specifically whitelisted is rejected. This is bad.
I suppose the "failed DNS whitelist lookup" problem could be mostly avoided if the DEFER_IF_REJECT flag was raised on lookup failure. That would allow known good mail to pass, and rejected mail would get a safety net. IIRC last time we discussed this, DEFER_IF_REJECT wasn't invented yet (at least not in it's current form).
if a permit_rbl_... is accepted, I'd rather go for a check_dnsbl_client, allowing one to return restriction classes/PREPEND/... (that said, the design is even more problematic).
Sounds useful, but I can't quite imagine the user interface fitting into the existing framework. Sounds like a job for a policy service.
-- Noel Jones
