On Thu, Apr 28, 2016 at 07:00:40PM +0300, Вадим Бажов wrote:
> Ok, got it.
> But this way to place all DNSBL services to a separate file needs me to set
> a recipient domain that I protect with rbl_reject checkings (i.e.
> example.com).
> Is there a simpler way without setting a recipient domain ?
> We list DNSBL services under smtpd_recipient_restrictions section without
> destination domain (i.e. example.com). So I just need to list them in the
> same manner but in a separate file. Could it be done somehow ? (not via
> access tables format probably)

What I did was fairly similar to what you're describing, with
restriction classes and per-domain rules invoked via
check_recipient_access lookup. The lookup checked the recipient
domain against an sqlite database which returns the name of that
domain's restriction class.

This approach does not scale well. What you really want is to
develop and to deploy a custom policy service. Perhaps one of the
existing policy service projects could be adapted to do this?

> >>On 28.04.2016 13:28, Wietse Venema wrote:
> >>>Вадим Бажов:
> >>>>Hi, list !
> >>>>I need to place rbl rules with domains in a separate file and connect it
> >>>>to postfix via access map directive.
> >>>>
> >>>>Let's say something like this:
> >>>>
> >>>>>smtpd_recipient_restrictions =
> >>>>> permit_mynetworks
> >>>>> reject_unauth_destination
> >>>>> check_recipient_access hash:/etc/postfix/rbl_rules
> >>>>/etc/postfix/rbl_rules :
> >>>>>reject_rbl_client zen.spamhaus.org
> >>>>>reject_rbl_client rbl.rbldns.ru
> >>>>>reject_rbl_client b.barracudacentral.org
> >>>>>reject_rbl_client dnsbl.sorbs.net
> >>>>>reject_rbl_client bl.spamcop.net
> >>>>I need it to be highly flexible. To let people in my network
> >>>>configure DNSBL server list whenever they want.

I'll say first: this is not a function I'd want to put in the hands
of people who don't know about email and spam. My approach was to
give a domain owner/manager a general strategy to use, such as
"aggressive", "moderate", "conservative", or "permissive", and I
manage which DNSBLs are used within each strategy definition.

Too often here we see postmasters who use DNSBL services without
knowing their policies (or even if the service is still being
offered, in many cases!) How can we expect end users to keep up
with these things?

Even my "permissive" level uses Zen.spamhaus.org, but that's the
only DNSBL, and DNS whitelists are used also. And all of this is
behind the same postscreen, with a DNSBL scoring system.

> >>>>How can I do that ?
> >>>Use an SQL database.

-- 
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
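
The custom policy service suggested in the message above, as an added example that is not part of the original thread or of any existing project: it parses a Postfix policy delegation request, maps the recipient domain to one of the named strategies, and checks the client address against that strategy's DNSBLs. The strategy-to-DNSBL mapping, the domain table and all function names are assumptions; the resolver is passed in as a parameter so the decision logic can be exercised without DNS.

```python
import socket

# Strategy names are from the message above; which DNSBLs each one uses is an
# assumption made for this example (zones taken from the quoted rbl_rules).
STRATEGIES = {
    "permissive": ["zen.spamhaus.org"],
    "moderate": ["zen.spamhaus.org", "bl.spamcop.net"],
    "aggressive": ["zen.spamhaus.org", "bl.spamcop.net", "b.barracudacentral.org"],
}
# Constructed sample data: recipient domain -> strategy picked by its manager.
DOMAIN_STRATEGY = {"example.com": "aggressive", "example.org": "permissive"}

def parse_request(text):
    """Parse one policy request: name=value lines, ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def dns_lookup(name):
    """Return the A record for a DNSBL query name, or None if it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def is_listing(answer):
    # Only 127.0.0.0/8 answers count; Spamhaus uses 127.255.255.x to signal
    # query errors (e.g. blocked public resolver), which must not reject mail.
    return bool(answer) and answer.startswith("127.") \
        and not answer.startswith("127.255.255.")

def decide(attrs, lookup=dns_lookup):
    """Map one request to an access(5) action for the recipient's strategy."""
    domain = attrs.get("recipient", "").rpartition("@")[2].lower()
    client = attrs.get("client_address", "")
    octets = client.split(".")
    if domain not in DOMAIN_STRATEGY or len(octets) != 4:  # unknown or not IPv4
        return "DUNNO"
    for zone in STRATEGIES[DOMAIN_STRATEGY[domain]]:
        if is_listing(lookup(".".join(reversed(octets)) + "." + zone)):
            return f"REJECT Client host [{client}] blocked using {zone}"
    return "DUNNO"

def respond(request_text, lookup=dns_lookup):
    """Build the protocol reply: one action line followed by an empty line."""
    return f"action={decide(parse_request(request_text), lookup)}\n\n"
```

Postfix would consult such a service through `check_policy_service` in `smtpd_recipient_restrictions`, placed after `reject_unauth_destination`; the socket listener that feeds requests to `respond` is not shown.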