On Tue, 2012-08-28 at 15:53:28 -0500, Noel Jones wrote:

> On 8/28/2012 3:38 PM, Gábor Lénárt wrote:
> > On Tue, Aug 28, 2012 at 04:33:16PM -0400, Jon A. wrote:
> >> I'd like to immediately reject mail for all destinations with ONLY a
> >> fakemx.net record. While I could block these as I find them, I'd prefer to
> >> detect it if possible.
> >> One such:
> >>
> >> hitmail.com mail is handled by 0 mx.fakemx.net.
> ...
> Be aware the postfix built-in check_*_mx_access will match if ANY of
> the MX records match.
>
> To reject domains with ONLY fakemx MX records, you'll need to use an
> external policy service.
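
The OP could also query, via check_recipient_access, a spawn(8)-managed
TCP table; I do not know how well that would scale. An untested code
snippet that requires the external dnspython module is below. Please do
not use it in production; it is just to illustrate the approach.

    #!/usr/local/bin/python
    import sys
    import dns.resolver

    # initialize a resolver with 2s timeout
    resolver = dns.resolver.Resolver()
    resolver.lifetime = 2

    def reply(text):
        # write one reply line and flush it so Postfix sees it immediately
        sys.stdout.write(text + '\n')
        sys.stdout.flush()

    while True:
        line = sys.stdin.readline()
        if not line:
            break  # EOF: the client closed the connection
        try:
            fakemx = 0
            request = line.strip()
            # drop the literal "get " prefix (lstrip('get ') strips a character set)
            if request.startswith('get '):
                request = request[4:]
            # lookup keys without an '@' raise IndexError and fall through to DUNNO
            domain = request.lower().rsplit('@', 1)[1]
            answer = resolver.query(domain, 'MX')
            for mx in answer:
                if 'mx.fakemx.net' in mx.to_text():
                    fakemx += 1
            # reject only when every MX record points at fakemx
            if fakemx == len(answer):
                reply('200 REJECT mail not deliverable (only destination is fakemx.net)')
            else:
                reply('200 DUNNO')
        except Exception:
            # DNS errors, timeouts and malformed keys: no opinion
            reply('200 DUNNO')

-- 
Sahil Tandon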
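
Added example, not part of the original messages: a sketch of the external policy service suggested in the quoted reply, speaking the Postfix policy delegation protocol (name=value lines ended by a blank line, answered with `action=...`) and rejecting only when ALL MX hosts fall under fakemx.net. The `lookup` parameter, the function names and the `fakemx.net` suffix match are assumptions made for illustration; the default lookup assumes dnspython 2.0 or later.

```python
#!/usr/bin/env python3
"""Policy service sketch: reject recipients whose domain has ONLY fakemx.net MX hosts."""
import sys

FAKE_SUFFIX = "fakemx.net"  # assumption: parent domain of the MX host named in the thread


def mx_hosts(domain):
    """Return the MX exchange names for domain (dnspython imported lazily)."""
    import dns.resolver
    answer = dns.resolver.resolve(domain, "MX", lifetime=2)
    return [rr.exchange.to_text() for rr in answer]


def is_fake(host):
    """Match the suffix on a label boundary, so notfakemx.net does not count."""
    host = host.rstrip(".").lower()
    return host == FAKE_SUFFIX or host.endswith("." + FAKE_SUFFIX)


def decide(attrs, lookup=mx_hosts):
    """Map one policy request (dict of attributes) to a Postfix action string."""
    recipient = attrs.get("recipient", "")
    if attrs.get("request") != "smtpd_access_policy" or "@" not in recipient:
        return "DUNNO"
    try:
        hosts = lookup(recipient.rsplit("@", 1)[1].lower())
    except Exception:
        return "DUNNO"  # fail open on DNS errors and timeouts
    # ALL, not ANY: a domain with one real MX must still receive mail
    if hosts and all(is_fake(h) for h in hosts):
        return "REJECT mail not deliverable (only destination is fakemx.net)"
    return "DUNNO"


def serve(stream_in, stream_out, lookup=mx_hosts):
    """Read blank-line-terminated requests; answer each with action=... and a blank line."""
    attrs = {}
    for line in stream_in:
        line = line.rstrip("\n")
        if line:
            name, _, value = line.partition("=")
            attrs[name] = value
        else:
            stream_out.write("action=%s\n\n" % decide(attrs, lookup))
            stream_out.flush()
            attrs = {}


if __name__ == "__main__":
    serve(sys.stdin, sys.stdout)
```

Such a service is typically run under spawn(8) and referenced with check_policy_service in smtpd_recipient_restrictions.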