On 5/14/2014 10:50 AM, Benny Pedersen wrote:
> Marius Gologan skrev den 2014-05-14 17:21:
>> This should help you discover most (not all) IP ranges in cidr
>> format:
>> host -t txt outlook.com | tr " " '\n' | awk '/\./' | sed
>> "s/include:\|ip4://g" | sort -u | grep -i "[a-z]" | while read
>> record; do
>> host -t txt $record ; done | tr ' ' '\n' | awk -F ":"
>> '/[0-9]*\.[0-9]/
>> {print $2"\tpermit"}' | sort -u
>
> missing ip6 mx a aaaa
>
> but the basic are there :=)
>
> if one make a spf tool that list all ips pr sender domain in a easy
> parselble form it would be nice to see, use spf as safe source for
> the cidr list to postscreen
A far more scalable solution:
a) don't use "scoring" DNSBL's such as spamcop in postscreen
b) use a DNSWL such as list.dnswl.org in postscreen so you don't
reject mail from a legit host. Yes, hotmail is a legit host.
Remember, postscreen is designed to keep easily identified zombies
out, not to do all your spam filtering.
This doesn't mean accept all mail from hotmail, but instead be
careful when you're painting with a very broad brush.
Hotmail should still be passed to the content filters and antivirus
for more in-depth analysis.
-- Noel Jones
