Stan Hoeppner:
> Wietse Venema put forth on 8/23/2010 10:11 AM:
> > Noel Jones:
> > > (Might be time to revisit DNS whitelists in
> > > postfix.)
> >
> > Maybe someone can draft a strawman user interface:
> >
> > - what is the configuration syntax
> >
> > - what does that syntax mean
> >
> > - how to make it safe (we don't want "open relay" problems)
> >
> > I'm currently doing this for postscreen, and won't have time for
> > other Postfix features.
>
> accept_dnswl_client (default: 0)
>
> 0 - accept all messages
> 1 - accept messages with trust level 1-3
> 2 - accept messages with trust level 2-3
> 3 - accept messages with trust level 3

This looks somewhat like RFC 5782, with reputation scores and
confidence values encoded in the lower octets as numbers in the
range 0-255.

With reject_rbl_client etc. Postfix can use different DNSXL names
in different access lists, and filter the result. For example, to
select responses from some.example.com with value 127.0.0.4:

    smtpd_mumble_restrictions =
        ...
        reject_rbl_client some.example.com=127.0.0.4
        ...

I suppose that similar selection would help with whitelists.

> I assume postscreen processes or passes this data to smtpd in a way that
> smtpd will automatically bypass all checks normally performed during the
> CONNECT phase.

Postscreen passes no session information to the SMTP server. The
file handle is all the SMTP server gets. We're talking about a
really tight development budget here.

	Wietse
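
The reply filtering and trust threshold discussed in this message, as an added example that is not part of the original thread and is not Postfix code. Assumptions: the trust level sits in the last octet of the answer, the function names and the "permit"/"dunno" labels are hypothetical, the sample answers are constructed, and no DNS query is made (the A records are passed in).

```python
import ipaddress

LIST_NET = ipaddress.ip_network("127.0.0.0/8")  # RFC 5782 answer range

def dnsxl_query_name(client_ip, zone):
    """RFC 5782 IPv4 query name: client octets reversed, then the list zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def reply_matches(entry, a_records):
    """Check A records against 'zone' or 'zone=d.d.d.d' (the filter form above)."""
    _, _, want = entry.partition("=")
    for rec in a_records:
        addr = ipaddress.IPv4Address(rec)
        if addr not in LIST_NET:
            continue  # an answer outside 127/8 is not a valid listing
        if not want or addr == ipaddress.IPv4Address(want):
            return True
    return False

def whitelist_decision(a_records, min_trust):
    """Return 'permit' only for a listed client at or above min_trust (0-3).

    ASSUMPTION: the trust level is the last octet of the answer. A miss,
    a failed lookup (empty list) or an out-of-range value yields 'dunno',
    so a whitelist miss never causes a rejection.
    """
    best = -1
    for rec in a_records:
        addr = ipaddress.IPv4Address(rec)
        level = addr.packed[3]
        if addr in LIST_NET and level <= 3:
            best = max(best, level)
    return "permit" if best >= max(min_trust, 0) else "dunno"

if __name__ == "__main__":
    # Constructed sample: client 192.0.2.25, answers invented for illustration.
    print(dnsxl_query_name("192.0.2.25", "some.example.com"))
    print(reply_matches("some.example.com=127.0.0.4", ["127.0.0.2", "127.0.0.4"]))
    print(whitelist_decision(["127.0.5.2"], 2))
```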