On Wed, 25 Aug 2010, Noel Jones wrote:
The user interface would be familiar to anyone using rbl checks. Sample
documentation under the appropriate smtpd_mumble_restrictions section:
- permit_dnswl_client dnswl_domain=d.d.d.d
Accept the request when the reversed client IP network address is listed
with an A record of d.d.d.d under dnswl_domain. If no =d.d.d.d is given,
accept the request with any A record under dnswl_domain. For safety, only
authorized destinations are accepted, see permit_auth_destination.
- permit_rhswl_client rhswl_domain=d.d.d.d
Accept the request when the client hostname is listed with an A record of
d.d.d.d under rhswl_domain. If no =d.d.d.d is given, accept the request with
any A record under rhswl_domain. For safety, only authorized destinations
are accepted, see permit_auth_destination.
Seems like this one would be very easy to use, and fairly easy to implement.
This sounds like a reasonable proposal, and I would argue that maintaining
parity with existing smtpd features is important, whether or not
postscreen ever grows an analogous mechanism. Unconditionally returning
permit_auth_destination should make this suitably safe, despite the simple
interface.
As it happens, I have a partial implementation of such a feature that I
was playing with a few years ago, and could probably be coerced into
updating it for current releases and posting a patch, if there is further
consensus that this is the desired interface and/or mechanism.
-Rob
