On 16/07/2016 03:16, /dev/rob0 wrote:
An MX lookup based on client IP is not possible. There are generally
no MX records in "arpa." zones. MX lookup would be based on the
domain in the MAIL FROM: address. That does indeed require SMTP
inspection. As implemented, postscreen does not know the MAIL FROM:
address until after it has already decided to reject or defer the
client.
This requires both the lookup of the domain's MX, and then an A/AAAA
lookup of the MX hostname[s]. These lookups are necessarily in
sequence rather than in parallel.
Likewise, SPF (the "S" stands for "Sender") needs a lookup of the
domain in MAIL FROM:. From there it could require many more DNS
lookups, depending on whether the SPF/TXT record exists and on the
content thereof.
No, we are not going to see these features in postscreen. They do
not make sense.
OK, you are right, I see your point and postscreen should not do that.
I was thinking it more in simple DNS terms only and a simply reverse
look up of the IP and then extract the domain from there but it is not
possible without the FROM.
