Wietse:
> In the CIDR table, specify netblocks as follows:
>
>     192.168.1.1     dunno
>     192.168.1.0/24  reject
>
> I.e. specify the good clients before the bad ones. Instead of
> "dunno" specify "permit" if you are certain that the host is not
> a bot.

btb:
> right. we do that now. taking advantage of whitelist negative
> scoring to reduce some of the administrative burden would be nice
> though, and also avoid the "fix it after finding out it's broken"
> scenario.

Instead of postscreen_access_list, you could use rbldnsd (or
equivalent) to mix local blacklists with remote whitelists.

I am not ready to give postscreen_access_list control over other
tests (if postscreen_access_list must be able to control dnsbl,
then it must also be able to control pregreet and so on). Nor am
I ready to make every postscreen feature a DNSBL-like score.

        Wietse
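
Added example, not part of the thread and not Postfix code: a simplified Python model of first-match lookup in a CIDR table, showing why the quoted advice puts the good client before the enclosing netblock. The function names and the `BAD_FIRST` ordering are constructed for illustration; real CIDR tables also support `if`/`endif` and negated patterns, which this model omits.

```python
import ipaddress

def parse_cidr_table(text):
    """Parse 'pattern action' lines in file order; skip blanks and # comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, action = line.split(None, 1)
        # A bare address such as 192.168.1.1 becomes a /32 network.
        rules.append((ipaddress.ip_network(pattern), action.strip()))
    return rules

def lookup(rules, client):
    """Return the action of the first matching pattern, or None if none match."""
    addr = ipaddress.ip_address(client)
    for net, action in rules:
        if addr.version == net.version and addr in net:
            return action  # first match wins; later lines are never consulted
    return None

# Ordering from the thread: the known-good host precedes its netblock.
GOOD_FIRST = """
192.168.1.1     dunno
192.168.1.0/24  reject
"""

# Constructed counter-example: same rules, reversed order.
BAD_FIRST = """
192.168.1.0/24  reject
192.168.1.1     dunno
"""

def compare(client):
    """Return (action with good-first order, action with bad-first order)."""
    return (lookup(parse_cidr_table(GOOD_FIRST), client),
            lookup(parse_cidr_table(BAD_FIRST), client))

if __name__ == "__main__":
    for ip in ("192.168.1.1", "192.168.1.7", "10.0.0.1"):
        print(ip, compare(ip))
```

With the reversed order the /24 line shadows the host entry, so the exempted client is rejected before its own line is ever reached.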