Wietse Venema:
> I could rip out the DNSBL client code from the Postfix SMTP daemon
> source code and make it available as 1) a lookup table to all programs
> 2) a library module that implements the underlying DNS client code.

I played with this idea over the weekend while taking breaks from
chores around the house. Here is an example:

    $ postmap -q 127.0.0.2 dnsxl:zen.spamhaus.org
    127.0.0.4 127.0.0.10 127.0.0.2
    $ postmap -q 168.100.189.2 dnsxl:list.dnswl.org
    127.0.9.3
    $

Instead of IP addresses it also takes queries with domain names or
email addresses (in the latter case it queries with the domain portion
of the email address).

The lookup result contains all the IP addresses in the DNSBL/DNSWL
response.

Just like reject_rbl_client and reject_rhsbl_sender, this map
understands filters. For example:

    dnsxl:list.dnswl.org=127.0.[0..255].[1..3]

will return "not found" unless the result IP address matches the
pattern.

By itself, dnsxl maps may be useful in contexts that perform "list
membership" lookup such as smtpd_client_event_limit_exceptions, where
the lookup result value is ignored. For example, to prevent password
brute-forcing from bot-infected systems:

    smtpd_client_event_limit_exceptions = dnsxl:xbl.spamhaus.org

In contexts where the action depends on the content of a lookup result
such as SMTPD access maps, the raw result (one or more IP addresses),
would have to be transformed into a specific action such as "reject"
or "permit". That requires some syntax for map stacking.

Wietse
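The lookup and filter behaviour described in the message above, as an added Python sketch; it is not Postfix code and not part of the original message. The function names and the stubbed resolver data are hypothetical, the ";" list form inside brackets follows the reject_rbl_client filter syntax, the reversed-octet/nibble query name is the usual DNSBL convention, and returning only the addresses that match the filter is an assumption.

```python
import ipaddress
import re
# Constructed resolver data mirroring the postmap output quoted above.
SAMPLE = {
    "2.0.0.127.zen.spamhaus.org": ["127.0.0.4", "127.0.0.10", "127.0.0.2"],
    "2.189.100.168.list.dnswl.org": ["127.0.9.3"],
}

def sample_resolve(name):
    """Offline stand-in for the DNS A-record lookup (hypothetical helper)."""
    return SAMPLE.get(name, [])

def query_name(key, zone):
    """Build the DNS name to query for an IP address, domain or email key."""
    key = key.rsplit("@", 1)[-1]            # email address: domain portion only
    try:
        addr = ipaddress.ip_address(key)
    except ValueError:
        return f"{key.rstrip('.')}.{zone}"  # domain name: prepended as-is
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # reversed octets
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # reversed nibbles
    return ".".join(labels) + "." + zone

def parse_filter(pattern):
    """Turn '127.0.[0..255].[1..3]' into four lists of (low, high) ranges."""
    fields = re.findall(r"\[[^\]]*\]|\d+", pattern)
    if len(fields) != 4 or ".".join(fields) != pattern:
        raise ValueError(f"bad filter: {pattern!r}")
    parsed = []
    for field in fields:
        ranges = []
        for item in field.strip("[]").split(";"):
            low, _, high = item.partition("..")
            ranges.append((int(low), int(high or low)))
        parsed.append(ranges)
    return parsed

def dnsxl_lookup(key, spec, resolve=sample_resolve):
    """Return the space-separated result, or None for 'not found'."""
    zone, _, pattern = spec.partition("=")
    answers = resolve(query_name(key, zone))
    if pattern:  # assumption: keep only the addresses that match the filter
        parsed = parse_filter(pattern)
        answers = [a for a in answers if all(
            any(lo <= int(o) <= hi for lo, hi in rs)
            for o, rs in zip(a.split("."), parsed))]
    return " ".join(answers) or None
```

Passing a real resolver function as `resolve` would replace the constructed table; a `None` result corresponds to the "not found" case, which is what a list-membership context such as smtpd_client_event_limit_exceptions would act on.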