Chad M Stewart:
>
> Before I go and write my own solution I thought I'd see if anyone
> knows of an existing solution.
>
> Now and again I'd like to put an IP on a local blacklist and have
> an expiration time set as well. I'm using postscreen as well and
> ideally the blacklist will get implemented via postscreen.
>
> Anyone know of an existing tool that integrates with postfix that
> would let me do what I want? I'm open to storing the IP and TTL
> values in plain text, MySQL, rbldnsd, etc..
Blacklist expiration is not built into Postfix.
If you want to use this with postscreen there are two options:
- Store the blacklist in DNS.
- Store the blacklist in an LMDB database. LMDB is safe for concurrent
reads and writes. Add/remove entries with a cron job, perhaps using
"postmap -i" to add one more more entries, or "postmap -d" to delete
an entry.
- Storage in MySQL etc. is too slow. postscreen requires latencies
well under a millisecond.
Currently, LMDB has an open problem with rebuilding a large database
from scratch (as with "postmap"). This explicit upper limit is
expected to be lifted in the near future (and it won't be replaced
with a lame upper limit that involves using up all system memory).
Wietse
