On 24 Aug 2010, at 21:37, Wietse Venema wrote:
> Stan Hoeppner:
>> Wietse Venema put forth on 8/23/2010 10:11 AM:
>>> Noel Jones:
>>
>>> (Might be time to revisit DNS whitelists in
>>>> postfix.)
>>>
>>> Maybe someone can draft a strawman user interface:
>>>
>>> - what is the configuration syntax
>>>
>>> - what does that syntax mean
>>>
>>> - how to make it safe ( we don't want "open relay" problems)
>>>
>>> I'm currently doing this for postscreen, and won't have time for
>>> other Postfix features.
>>
>> accept_dnswl_client (default: 0)
>>
>> 0 - accept all messages
>> 1 - accept messages with trust level 1-3
>> 2 - accept messages with trust level 2-3
>> 3 - accept messages with trust level 3
>
> This looks somewhat like RFC 5782, with reputation scores and
> confidence values encoded in the lower octets as numbers in the
> range 0-255.
>
> With reject_rbl_client etc. Postfix can use different DNSXLs names
> in different access lists, and filter the result. For example, to
> select responses from some.example.com with value 127.0.0.4:
>
> smtpd_mumble_restrictions =
> ...
> reject_rbl_client some.example.com=127.0.0.4
> ...
>
> I suppose that similar selection would be help with whitelists.
Just to add to the mix if Postfix is working on whitelist implementation...
Spamhaus has assigned 127.0.2.0/24 for whitelist return codes. The new Spamhaus
Whitelist ("SWL") due out very shortly will return 127.0.2.2 and 127.0.2.3 and
Spamhaus' new Domain Whitelist ("DWL") will return 127.0.2.12 and 127.0.2.13.
We will explain what these codes mean closer to the release date (sometime in
September).
In the case of the Spamhaus Whitelist ("SWL"), the implementation we want
people to use is that a message from an IP on the SWL should be allowed
immediately past all spam filtering and all content filtering and passed
straight to the virus filter if any.
Steve Linford
The Spamhaus Project
http://www.spamhaus.org
