Stan Hoeppner:
> Wietse Venema put forth on 8/30/2010 1:29 PM:
> > Victor Duchovni:
> >> On Mon, Aug 30, 2010 at 01:06:28PM -0500, Stan Hoeppner wrote:
> >>
> >>> Is there a straightforward (i.e. relatively painless) way to check the
> >>> header from, reply-to, and message-id domains against dbl.spamhaus.org
> >>> and reject on a positive reply as with reject_r*bl_client?
> >>
> >> Not from Postfix. There is currently no support in cleanup(8)
> >> for extracting domains from headers and applying RBL checks. The
> >> Postfix SMTP server does not look at the message content.
> >
> > Some courageous person could implement this as:
> >
> > header_checks = tcp:127.0.0.1:port
> >
> > and write a Perl script that rips domain names from headers and
> > runs them through dbl lookups.
> >
> > I don't have time, but with Net::DNS this should involve no more
> > than a dozen lines of code (using the spawn(8) daemon for connection
> > management). As a stand-alone program, maybe two dozen lines.
>
> I'm really new to these particular Postfix features. What would the
> responses need to be?

The responses must be as documented in the header_checks(5) manpage.
In addition, tcp_table(5) documents an on-the-wire protocol to signal
whether a lookup completed with found/notfound/error. This is a
completely separate matter of what is sent as the content of
header_checks lookups and results.

> Will we be sending one header line at a time to the perl daemon (at
> least I assume you suggest to run it as a daemon) or does this dump the
> entire header out all at once? I.e. does the perl daemon send one
> response per header line or one response after processing the entire header?

Header lines are inspected one at a time as documented in the
header_checks(5) manpage.

> I don't have the skills to write this myself or I'd be on it in a
> heartbeat, but I'm going to see if there are any takers on spam-l.
> There are a few perl "heavy hitters" there. I just want to post clear
> and "complete" requirements up front. Is there anything else I'm
> missing? Is having some Postfix experience a necessary prerequisite for
> writing this? The few folks I'm thinking of are more qpsmtp and
> sendmail types. :(
>
> Sorry for any nubish questions. I'm out of my element here.

The manpages in question are:

header_checks(5) for the table-driven mechanism
tcp_table(5) for the table lookup mechanism.

Wietse
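The daemon sketched in this thread, as an added example that is not part of the original messages and is not Postfix code (written in Python rather than the Perl with Net::DNS the thread suggests). It answers tcp_table(5) "get" requests one header line at a time with a header_checks(5) action; the port 10777, the rule that a 127.0.1.x answer means "listed", and the REJECT text are assumptions.

```python
import re
import socket
import socketserver
from urllib.parse import quote, unquote

DBL_ZONE = "dbl.spamhaus.org"
CHECKED = ("from:", "reply-to:", "message-id:")
# Domain part after "@" in an address or Message-ID.
DOMAIN_RE = re.compile(r"@([A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?)")

def dns_a(name):
    """Return the IPv4 addresses for name, [] if it does not exist."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)]
    except socket.gaierror as err:
        if err.errno == socket.EAI_NONAME:
            return []
        raise  # other resolver failure: answer() reports it as 400

def answer(request_line, resolve=dns_a):
    """Turn one tcp_table request line into one reply line."""
    verb, _, key = request_line.strip().partition(" ")
    if verb != "get":
        return "400 unsupported%20request\n"
    header = unquote(key)  # whitespace and "%" arrive encoded as %XX
    if not header.lower().startswith(CHECKED):
        return "500 header%20not%20checked\n"
    try:
        for domain in sorted({d.lower() for d in DOMAIN_RE.findall(header)}):
            ips = resolve(f"{domain}.{DBL_ZONE}")
            # Assumption: 127.0.1.x means listed; other answers are ignored.
            if any(ip.startswith("127.0.1.") for ip in ips):
                action = f"REJECT header domain {domain} listed in {DBL_ZONE}"
                return "200 " + quote(action, safe="") + "\n"
    except OSError:
        return "400 dns%20lookup%20failed\n"
    return "500 not%20listed\n"

class Handler(socketserver.StreamRequestHandler):
    def handle(self):
        for raw in self.rfile:  # one request per line, connection stays open
            reply = answer(raw.decode("ascii", "replace"))
            self.wfile.write(reply.encode("ascii"))

if __name__ == "__main__":
    # Assumed port; pairs with header_checks = tcp:127.0.0.1:10777
    socketserver.ThreadingTCPServer(("127.0.0.1", 10777), Handler).serve_forever()
```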