Re: postscreen_dnsbl_sites filter syntax?

Tue, 18 Jan 2011 13:29:35 -0800 

Wietse Venema:
> > * Wietse Venema <postfix-users@postfix.org>:
> > > Victor Duchovni:
> > > > On Tue, Jan 18, 2011 at 03:56:45PM -0500, Wietse Venema wrote:
> > > > 
> > > > > Something along the lines of:
> > > > > 
> > > > >     /*
> > > > >      * Workaround. The "," was already in use as dnsbl list separator.
> > > > >      */
> > > > >     for (keep = 0, cp = var_psc_dnsbl_sites; *cp; cp++) {
> > > > >         if (*cp == '[') {
> > > > >             keep++; 
> > > > >         } else if (*cp == ']' && keep > 0) {
> > > > >             keep--;
> > > > >         } else if (*cp == ',' && keep <= 0) {
> > > > >             *cp = ' ';
> > > > >         }
> > > > >     }
> > > > >     dnsbl_site = argv_split(var_psc_dnsbl_sites, ", \t\r\n");
> > > > 
> > > > Right, reasonably elegant, but with the split now on just " \t\r\n".
> > > 
> > > But having "," inside an access control feature it is likely to
> > > break third-party tools that maintain Postfix configuration files.
> > > 
> > > The alternative is to change the address filter syntax, and to
> > > replace "," by a different set separator such as ";".
> 
> The [x,x] syntax never worked in main.cf, so I can't break
> configuration file compatibility by changing to [x;x].
> 
> But I would have to update a dozen regression tests that I wrote
> for the code module that implements the address filter.

This changes the syntax to:

potscreen_dnsbl_sites:

       Specify a list of domain=filter*weight entries, separated by  comma  or
       whitespace.

       o      When  no "=filter" is specified, postscreen(8) will use any non-
              error DNSBL reply.  Otherwise,  postscreen(8)  uses  only  DNSBL
              replies  that match the filter. The filter has the form d.d.d.d,
              where each d is a number, or a pattern inside []  that  contains
              one or more ";"-separated numbers or number..number ranges. 
              ...

reject_rbl_client rbl_domain=d.d.d.d

              Reject the request when the reversed client network  address  is
              listed  with  the  A  record "d.d.d.d" under rbl_domain (Postfix
              version 2.1 and later only).  Each "d" is a number, or a pattern
              inside "[]" that contains one or more ";"-separated numbers or
              number..number ranges (Postfix version 2.8 and  later). 
              ...

And likewise for all reject_*bl_* features.

        Wietse

Reply via email to