On 4/12/2013 12:58 AM, /dev/rob0 wrote:
...
> So here's my idea (I think the parameter names are lousy, but it's
> the best I could come up with this late at night):
...

Or.... Maybe you could bash script this:

    dig +short txt _netblocks.google.com|sed s/ip4://g \
    |mawk '{for(i=2; i<=(NF-1); i++){print($i)}}'

which yields this formatted list of Google outbound CIDRs:

    216.239.32.0/19
    64.233.160.0/19
    66.249.80.0/20
    72.14.192.0/18
    209.85.128.0/17
    66.102.0.0/20
    74.125.0.0/16
    64.18.0.0/20
    207.126.144.0/20
    173.194.0.0/16

then diff this against your postscreen whitelist and append any new entries. You'd cron this to a $suitable_interval, say nightly. If/when Google adds any new outbound networks you're covered.

This seems quite a bit less effort than Wietse adding the feature you requested. The end result is nearly identical, at least for the Google case, and can easily be extended to cover other domains. And with this method the Google outbounds skip all Postscreen processing entirely, not just the after 220 tests.

-- 
Stan
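The "diff against your postscreen whitelist and append any new entries" step, written out as an added example that is not Stan's one-liner or anything from the Postfix project. It assumes a constructed SPF record string in place of live dig output so it runs offline, and assumes the whitelist is a postscreen CIDR access file whose lines read "CIDR permit" (the file layout and the permit action are assumptions, not something the post states). Unlike the $2..$(NF-1) field trick it keys on the ip4:/ip6: mechanism prefix, so a record whose mechanisms are reordered or that carries an include: token does not silently put a non-CIDR token into the whitelist.

```shell
#!/bin/sh
# Added example, not the poster's script: parse an SPF TXT record into CIDRs
# and merge any new ones into a postscreen CIDR access file.
# In production the record would come from:
#   dig +short txt _netblocks.google.com
# Here a constructed sample is used so the script runs offline.

# Constructed sample record, shaped like what dig returns: quoted, with the
# v=spf1 prefix and the ~all terminator that the one-liner skips by position.
SAMPLE_SPF='"v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip6:2001:4860:4000::/36 ~all"'

# Read SPF text on stdin, print one CIDR per line. Only ip4:/ip6: mechanisms
# are emitted; include:, a, mx and the ~all/-all qualifier are ignored.
spf_to_cidrs() {
    tr -d '"' | awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^ip[46]:/) { sub(/^ip[46]:/, "", $i); print $i }
    }'
}

# Append "CIDR permit" to the access file for every CIDR on stdin that is not
# already listed (matched on the first column). Prints the number added, so a
# cron wrapper can log or act on "something changed".
merge_whitelist() {
    file=$1
    [ -f "$file" ] || : > "$file"
    added=0
    while IFS= read -r cidr; do
        [ -n "$cidr" ] || continue
        if ! awk -v c="$cidr" '$1 == c { found = 1 } END { exit !found }' "$file"; then
            printf '%s permit\n' "$cidr" >> "$file"
            added=$((added + 1))
        fi
    done
    echo "$added"
}

# Stand-alone demo: a whitelist that already holds one of the netblocks,
# merged with the sample record. Prints "2" (entries added) and the file.
wl=$(mktemp)
printf '%s permit\n' 216.239.32.0/19 > "$wl"
printf '%s\n' "$SAMPLE_SPF" | spf_to_cidrs | merge_whitelist "$wl"
cat "$wl"
rm -f "$wl"
```

Running it a second time against the same file adds nothing, which is what makes it safe to schedule from cron; the merge only ever appends, so an entry Google drops from its record stays in the whitelist until someone removes it by hand.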