On 6/13/2015 6:33 PM, Benny Pedersen wrote: > wie...@porcupine.org skrev den 2015-06-14 01:02: > >> /etc/postfix/main.cf: >> postscreen_greet_action = enforce >> postscreen_dnsbl_action = enforce >> postscreen_dnsbl_sites = ...your DNSBL server here... > > could postscreen be extended to sqlite dnsbl sites ?, to slow ?
The postscreeen_access_list can use any supported DB type, but not all types make sense here. Speed is a primary concern, but not the only concern. CIDR tables are (strongly) recommended, but not required. > > i thinking fail2ban update sqlite based on auth on port 25 fails, > saves running rbldns > >> You can use rbldnsd to run your own DNSBL server. > > why when postfix supports so many good db backends ? The question was about sharing blacklist data among several servers. A local DNSBL is by far the easiest and likely best performing of the available choices. A DNSBL also allows a custom reject message -- another of the OP's requests, and not supported with postscreen_access_list. -- Noel Jones
