On 2/23/2016 3:46 PM, Wietse Venema wrote: > Marius Gologan: >> Hi Wietse, >> >> No, I don't mean the local files. Local files are effective for local >> admins, not for the world nor a community. >> >> The mechanisms I have in mind are similar to: >> reject_rhsbl_reverse_client >> reject_rhsbl_sender >> reject_rbl_client >> but for the corresponded Name servers (names and IPs). > > You could use check_mumble_ns_access with a tcp_table. Postfix > will send the DNS server's name and IP address(es) to the tcp_table, > and your TCP server could do the DNSBL query. > > man 5 tcp_table > > Wietse >
A good example for a tcp_table is the checkdbl.pl script found here: https://people.freebsd.org/~sahil/scripts/checkdbl.pl.txt That script would only need trivial changes to work as a check_*_ns_access table. -- Noel Jones
