Noel Jones put forth on 11/6/2010 10:05 AM: > On 11/6/2010 9:04 AM, Wietse Venema wrote: >> There's already demand for DNS lookups for header substrings. This >> resulted in a header_checks plugin by Sahil, if I recall correctly. >> >> Native support for DNS lookups from header_checks fragments could >> look like this: > > I think it's premature to design DNS lookups into header checks. > Sahil's header_checks plugin works, but -- at least for me -- blocks > very little additional spam, about 1 per thousand messages received. > I'm not sure it's worth the effort of adding native support. And of > course Sahil's plugin could be easily modified to pre-load DKIM keys if > that's found to be useful.
In all fairness this is relative. IIRC cleanup processes header checks after all other restrictions have run. Thus checkdbl.pl is run after all other defensive checks, so it's going to catch little spam, assuming the rest of your A/S config is decent/aggressive. Correct? This is I wanted to be able to use it as a FILTER action, which didn't seem to work when I tried it. If it could be made to run as a FILTER action you could put it wherever you want in the restrictions order. Even as things are now, for me, even if it only catches 1 spam per recipient address a day, it's worth running because that spam made it past all my other checks. > I'd rather see postfix effort on supporting (pseudo-)?regexp or IP range > for the dnsbl/dnswl result filters, which seems more generally useful. I'm scratching my head trying to think of how this would be used. A client connects, you query the client IP against a dns[w/b]l, take some action upon a hit. How does a regex or IP range come into play here? I'm not accusing you of being on crack Noel. I just can't think of a usage scenario. Maybe it's due this darn cold I picked up... :( -- Stan
