Hi Wietse, No, I don't mean the local files. Local files are effective for local admins, not for the world nor a community.
The mechanisms I have in mind are similar to: reject_rhsbl_reverse_client reject_rhsbl_sender reject_rbl_client but for the corresponded Name servers (names and IPs). RBLs providers listing IP ranges: sbl.spamhaus.org Any other accurate provider listing abused IPs. Spammers tend to preserve their NS servers on abused IPs, only because they are not used in sending. RBLs provider for NSs (used in Spamassassin scoring URIs): URIBL zones: http://uribl.com/usage.shtml URIBL_BLACK_NS - for Names. RIBL_BLACK_NSIP - for IPs. I own one - not popular. Used only to complement a free gateway alternative I run on Postfix. That makes me biased, but doesn't mean I'm wrong. Postfix has all the pieces and mechanisms to put together. Thank you. Marius. -----Original Message----- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Wietse Venema Sent: Tuesday, February 23, 2016 10:27 PM To: Postfix users Subject: Re: Feature request - blacklist check for NS Marius Gologan: > Would be useful to have a native blacklist check for the Name servers > (names and IPs) of the sender domain and unverified client domain name. Did you mean: check_client_ns_access check_reverse_client_ns_access check_helo_ns_access check_sender_ns_access check_recipient_ns_access These use a "native" blacklist called "Postfix access table" that allows you to block mail from anyone who uses a particular DNS server. > I've been using scripts to achieve this and and the results are > effective in the following cases: > > - when the spammer rotates the IPs, Domain names and subdomains. > > - when the spammer uses new TLDs with tolerant registrars or hosts his > own NS. > > - existent RBLs (listing IPs) can be used for NS check. Weight would > provide granularity instead of just a black or white action. What DNSBL services provide reputation about DNS server IP addresses? Wietse > I've noticed Postfix is already resolving the Name servers. I presume > much of the necessary work is already there. > > > > Thank you. > > > > Marius. >
smime.p7s
Description: S/MIME cryptographic signature
