Erik Logtenberg put forth on 3/15/2010 11:16 AM:
> Hi,
>
> Is there a possibility to use a DNS-based RBL whitelist in Postfix? In
> The Netherlands we have an NL-Whitelist, which contains the IPs of all
> major ISPs. By using this whitelist one can make sure that accidental
> automatic blacklisting won't disrupt regular email traffic.
>
> I had something like a permit_rbl_client directive in mind, that could
> be placed in smtpd_recipient_restrictions, right before the
> reject_rbl_client lines. Apparently there is no permit_rbl_client at
> this moment, is there any other way to achieve this?

DNS white lists are usually very, very small, relatively, compared to DNS black lists. This is why most DNS-based white list providers enable zone transfers, in turn enabling customers to download the entire white list, which is then queried locally. Once it's local, the tempfail issue is nonexistent. This is why nearly all DNS white list implementations are handled this way. It increases reliability fundamentally.

DNS whitelists need to be fundamentally more reliable than DNS blacklists. How many records are in the DNSWL you mention? 200? 2000? There are a few million records in the Spamhaus and SORBS lists. If they tempfail, mail still comes through, although other A/S measures get a whack at it. If a DNSWL tempfails, you have more than a desired level of complexity to deal with this situation properly. Thus, it is optimal to deal with a local copy of the whitelist.

What is preventing you from grabbing a copy of this .nl whitelist and querying against it locally, either as a map file or via an RBLDNSD setup?

-- 
Stan
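
One way to build the local map file suggested above from a zone transfer, as an added example that is not part of the original thread: it converts DNSWL-style A records (reversed octets, a leading `*` for a whole range) into Postfix `cidr:` table lines. The zone name, the sample records and the function name `zone_to_cidr_map` are assumptions made for illustration.

```python
import ipaddress

# Constructed AXFR-style sample (made-up zone and documentation-range addresses).
SAMPLE_AXFR = """\
wl.example.invalid. 3600 IN SOA ns.example.invalid. admin.example.invalid. 1 3600 600 86400 3600
wl.example.invalid. 3600 IN NS ns.example.invalid.
10.2.0.192.wl.example.invalid. 3600 IN A 127.0.0.2
10.2.0.192.wl.example.invalid. 3600 IN TXT "constructed entry"
*.100.51.198.wl.example.invalid. 3600 IN A 127.0.0.2
7.113.0.203.wl.example.invalid. 3600 IN A 127.0.0.2
bogus.wl.example.invalid. 3600 IN A 127.0.0.2
"""


def zone_to_cidr_map(axfr_text, zone, action="OK"):
    """Return Postfix cidr-table lines for every IPv4 entry in a DNSWL zone dump."""
    suffix = "." + zone.strip(".").lower()
    nets = set()
    for line in axfr_text.splitlines():
        fields = line.split()
        # Only "owner TTL IN A value" records carry list entries.
        if len(fields) < 5 or fields[2].upper() != "IN" or fields[3].upper() != "A":
            continue
        owner = fields[0].rstrip(".").lower()
        if not owner.endswith(suffix):
            continue  # zone apex or a foreign name
        labels = owner[:-len(suffix)].split(".")
        wildcard = labels[0] == "*"
        if wildcard:
            labels = labels[1:]
        # A bare "*.zone" would whitelist everything, so it is skipped here.
        if not labels or len(labels) > 4 or (not wildcard and len(labels) != 4):
            continue
        if not all(part.isdigit() and int(part) <= 255 for part in labels):
            continue
        # Owner names store the octets reversed; pad a wildcard range with zeros.
        octets = [str(int(part)) for part in reversed(labels)]
        octets += ["0"] * (4 - len(octets))
        prefix = 8 * len(labels)
        nets.add(ipaddress.ip_network("%s/%d" % (".".join(octets), prefix)))
    # Collapse hosts already covered by a listed range, output in sorted order.
    return ["%s %s" % (net, action) for net in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    print("\n".join(zone_to_cidr_map(SAMPLE_AXFR, "wl.example.invalid")))
```

The output is meant for a `check_client_access cidr:` lookup placed ahead of the `reject_rbl_client` lines but after `reject_unauth_destination`, so that a whitelisted client skips the blacklist checks without being allowed to relay.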