Re: DNS Whitelisting support, uploaded

2010-11-08 Thread Wietse Venema
Wietse Venema: > > This is now implemented with minor changes. [...] > > I have uploaded postfix-2.8-20101105-nonprod for testing (nonprod > because this is SMTP server code, and I mostly rely on postscreen's > DNS whitelisting feature). Same code, now available as postfix-2.8-20101108 regular sn

Re: DNS Whitelisting

2010-11-08 Thread Christian Roessner
> > I'm working on Spamhaus' new whitelist where our goal is to list only > mail sources clean enough that you can skip the rest of the filtering. > (So far so good, but it's still pretty small.) > > You're welcome to use it. The IP address version is at swl.spamhaus.org. > > For people who lik

Re: DNS Whitelisting

2010-11-06 Thread Stan Hoeppner
Noel Jones put forth on 11/5/2010 11:04 AM: > On 11/5/2010 10:03 AM, Wietse Venema wrote: >> This is now implemented with minor changes. > > Excellent! Looking forward to a test drive. Excellent indeed. Thank you for implementing this Wietse. Jerrale, it appears Wietse just solved your problem

Re: DNS Whitelisting support, uploaded

2010-11-05 Thread Noel Jones
On 11/5/2010 6:24 PM, Wietse Venema wrote: This is now implemented with minor changes. [...] I have uploaded postfix-2.8-20101105-nonprod for testing (nonprod because this is SMTP server code, and I mostly rely on postscreen's DNS whitelisting feature). ftp://ftp.porcupine.org/mirrors/postfix-

Re: DNS Whitelisting

2010-11-05 Thread Victor Duchovni
On Fri, Nov 05, 2010 at 04:51:14PM -, John Levine wrote: > >Should we mention that these should only be used to reduce FPs from > >blacklists that follow, and that are expected to not list legitimate > >clients. ... > > Depends on the whitelist. > > I'm working on Spamhaus' new whitelist whe

Re: DNS Whitelisting

2010-11-05 Thread Victor Duchovni
On Fri, Nov 05, 2010 at 12:27:06PM -0400, Wietse Venema wrote: > > Should we mention that these should only be used to reduce FPs from > > blacklists that follow, and that are expected to not list legitimate > > clients. Thus any temporary DNS lookup error would likely result in an > > additional

Re: DNS Whitelisting

2010-11-05 Thread John Levine
>Should we mention that these should only be used to reduce FPs from >blacklists that follow, and that are expected to not list legitimate >clients. ... Depends on the whitelist. I'm working on Spamhaus' new whitelist where our goal is to list only mail sources clean enough that you can skip the

Re: DNS Whitelisting

2010-11-05 Thread Wietse Venema
Victor Duchovni: > On Fri, Nov 05, 2010 at 11:03:34AM -0400, Wietse Venema wrote: > > > The current manpage text reads: > > > >reject_rbl_client rbl_domain=d.d.d.d > > ... > >permit_dnswl_client dnswl_domain=d.d.d.d > > Accept the request when the reversed client

Re: DNS Whitelisting

2010-11-05 Thread Noel Jones
On 11/5/2010 10:03 AM, Wietse Venema wrote: This is now implemented with minor changes. Excellent! Looking forward to a test drive. -- Noel Jones

Re: DNS Whitelisting

2010-11-05 Thread Victor Duchovni
On Fri, Nov 05, 2010 at 11:03:34AM -0400, Wietse Venema wrote: > The current manpage text reads: > >reject_rbl_client rbl_domain=d.d.d.d > ... >permit_dnswl_client dnswl_domain=d.d.d.d > Accept the request when the reversed client network address is >

Re: DNS Whitelisting

2010-08-26 Thread Noel Jones
On 8/25/2010 6:20 PM, Rob Foehl wrote: On Wed, 25 Aug 2010, Noel Jones wrote: The user interface would be familiar to anyone using rbl checks. Sample documentation under the appropriate smtpd_mumble_restrictions section: - permit_dnswl_client dnswl_domain=d.d.d.d Accept the request when the re

Re: DNS Whitelisting

2010-08-26 Thread Noel Jones
Updated Proposal for weighted dnsXl support in postscreen. (Change parameter names to all start with postscreen_dns* for easy reading in postconf. Get rid of negative site weight values [the client dnsxl score total may still be negative]. Add filter octet range docs.) (The weight ranges d

Re: DNS Whitelisting

2010-08-26 Thread Wietse Venema
On 8/26/2010 4:14 PM, Wietse Venema wrote: > The more precise solution is to implement wildcards with ranges: > > example.com=127.0.[0-128].3*1 > example.com=127.0.[0-5,6-9].3*1 Noel Jones: > I like the range idea. You want proto docs reflecting that > syntax? Yes, that would help everyone to u

Re: DNS Whitelisting

2010-08-26 Thread Noel Jones
On 8/26/2010 4:14 PM, Wietse Venema wrote: On 8/26/2010 2:28 PM, Wietse Venema wrote: You can't use an alphanumerical operator such as "w", because the "=127.0.*.3" portion is optional. ... The more precise solution is to implement wildcards with ranges: example.com=127.0.[0-128].3*1 example.

Re: DNS Whitelisting

2010-08-26 Thread Wietse Venema
Noel Jones: > This looks like a useful concept. If we use "*" as an octet > wildcard, we'll need to use something else as the weight modifier. > dnsbl_site=127.0.*.3w1 seems reasonable. On 8/26/2010 2:28 PM, Wietse Venema wrote: > You can't use an alphanumerical operator such as "w", because the

Re: DNS Whitelisting

2010-08-26 Thread Noel Jones
On 8/26/2010 2:28 PM, Wietse Venema wrote: Noel Jones: This looks like a useful concept. If we use "*" as an octet wildcard, we'll need to use something else as the weight modifier. dnsbl_site=127.0.*.3w1 seems reasonable. You can't use an alphanumerical operator such as "w", because the "=1

Re: DNS Whitelisting

2010-08-26 Thread Wietse Venema
Noel Jones: > This looks like a useful concept. If we use "*" as an octet > wildcard, we'll need to use something else as the weight > modifier. dnsbl_site=127.0.*.3w1 seems reasonable. You can't use an alphanumerical operator such as "w", because the "=127.0.*.3" portion is optional.

Re: DNS Whitelisting

2010-08-26 Thread Noel Jones
On 8/25/2010 4:54 PM, Noel Jones wrote: On 8/25/2010 4:27 PM, Wietse Venema wrote: Noel Jones: Do we want to allow mixing DNSWLs and DNSBLs in one list? I see them as being the same thing; just different weights. Default to blacklist weight of 1; the user must specify a negative weight for a w

Re: DNS Whitelisting

2010-08-26 Thread Wietse Venema
Stan Hoeppner: > Wietse Venema put forth on 8/25/2010 4:27 PM: > > Noel Jones: > >> As I see it, there are two complementary paths we can take > >> with DNS whitelists, each with a slightly different purpose. > >> While these are both useful, neither depends on the other, so > >> postfix can impl

Re: DNS Whitelisting

2010-08-26 Thread Stan Hoeppner
Wietse Venema put forth on 8/25/2010 4:27 PM: > Noel Jones: >> As I see it, there are two complementary paths we can take >> with DNS whitelists, each with a slightly different purpose. >> While these are both useful, neither depends on the other, so >> postfix can implement either or both. > >

Re: DNS Whitelisting

2010-08-26 Thread Wietse Venema
Matthias Leisi: > On Wed, Aug 25, 2010 at 11:27 PM, Wietse Venema wrote: > > > dnswl1.example.com=127.0.0.2*weight1, dnswl2.example.com=127.0.0.1*weight2 > > dnsbl3.example.com=127.0.0.3*weight3, dnsbl4.example.com=127.0.0.1*weight4 > > What about wildcarding? dnswl.org currently returns 127.0

Re: DNS Whitelisting

2010-08-26 Thread Matthias Leisi
On Wed, Aug 25, 2010 at 11:27 PM, Wietse Venema wrote: >  dnswl1.example.com=127.0.0.2*weight1, dnswl2.example.com=127.0.0.1*weight2 >  dnsbl3.example.com=127.0.0.3*weight3, dnsbl4.example.com=127.0.0.1*weight4 What about wildcarding? dnswl.org currently returns 127.0.n.[0-3], with "n" being num

Re: DNS Whitelisting

2010-08-26 Thread Ralf Hildebrandt
* Wietse Venema : > Noel Jones: > > As I see it, there are two complementary paths we can take > > with DNS whitelists, each with a slightly different purpose. > > While these are both useful, neither depends on the other, so > > postfix can implement either or both. > > I'll read the entire pro

Re: DNS Whitelisting

2010-08-25 Thread Noel Jones
On 8/25/2010 6:17 PM, Wietse Venema wrote: Noel Jones: On 8/25/2010 4:27 PM, Wietse Venema wrote: Noel Jones: As I see it, there are two complementary paths we can take with DNS whitelists, each with a slightly different purpose. While these are both useful, neither depends on the other, so po

Re: DNS Whitelisting

2010-08-25 Thread Rob Foehl
On Wed, 25 Aug 2010, Noel Jones wrote: The user interface would be familiar to anyone using rbl checks. Sample documentation under the appropriate smtpd_mumble_restrictions section: - permit_dnswl_client dnswl_domain=d.d.d.d Accept the request when the reversed client IP network address is l

Re: DNS Whitelisting

2010-08-25 Thread Wietse Venema
Noel Jones: > On 8/25/2010 4:27 PM, Wietse Venema wrote: > > Noel Jones: > >> As I see it, there are two complementary paths we can take > >> with DNS whitelists, each with a slightly different purpose. > >> While these are both useful, neither depends on the other, so > >> postfix can implement ei

Re: DNS Whitelisting

2010-08-25 Thread Noel Jones
On 8/25/2010 4:27 PM, Wietse Venema wrote: Noel Jones: As I see it, there are two complementary paths we can take with DNS whitelists, each with a slightly different purpose. While these are both useful, neither depends on the other, so postfix can implement either or both. I'll read the entir

Re: DNS Whitelisting

2010-08-25 Thread Wietse Venema
Noel Jones: > As I see it, there are two complementary paths we can take > with DNS whitelists, each with a slightly different purpose. > While these are both useful, neither depends on the other, so > postfix can implement either or both. I'll read the entire proposal later. Would this notatio

Re: DNS Whitelisting

2010-08-25 Thread Noel Jones
As I see it, there are two complementary paths we can take with DNS whitelists, each with a slightly different purpose. While these are both useful, neither depends on the other, so postfix can implement either or both. My proposals: A) scoring in postscreen A dns whitelist/blacklist scoring

Re: DNS Whitelisting

2010-08-25 Thread Stan Hoeppner
Steve Linford put forth on 8/25/2010 8:27 AM: > Just to add to the mix if Postfix is working on whitelist implementation... > Spamhaus has assigned 127.0.2.0/24 for whitelist return codes. The new > Spamhaus Whitelist ("SWL") due out very shortly will return 127.0.2.2 and > 127.0.2.3 and Spamha

Re: DNS Whitelisting

2010-08-25 Thread Steve Linford
On 24 Aug 2010, at 21:37, Wietse Venema wrote: > Stan Hoeppner: >> Wietse Venema put forth on 8/23/2010 10:11 AM: >>> Noel Jones: >> >>> (Might be time to revisit DNS whitelists in postfix.) >>> >>> Maybe someone can draft a strawman user interface: >>> >>> - what is the configuration syn

Re: DNS Whitelisting

2010-08-25 Thread Stan Hoeppner
Wietse Venema put forth on 8/24/2010 2:37 PM: > With reject_rbl_client etc. Postfix can use different DNSXLs names > in different access lists, and filter the result. For example, to > select responses from some.example.com with value 127.0.0.4: > > smtpd_mumble_restrictions = > ... > r

Re: DNS Whitelisting

2010-08-25 Thread Wietse Venema
Stan Hoeppner: > Noel Jones put forth on 8/24/2010 2:18 PM: > > > - This is specific for dnswl.org. Postfix needs a general mechanism. > > Other whitelists are not required to follow dnswl.org's 127.0.x.y > > mechanism. > > Yeah, I used this example as dnswl is, afaik, the most "established" of

Re: DNS Whitelisting

2010-08-25 Thread Stan Hoeppner
Noel Jones put forth on 8/24/2010 2:18 PM: > - This is specific for dnswl.org. Postfix needs a general mechanism. > Other whitelists are not required to follow dnswl.org's 127.0.x.y > mechanism. Yeah, I used this example as dnswl is, afaik, the most "established" of the dns whitelists. I haven

Re: DNS Whitelisting

2010-08-24 Thread Wietse Venema
Stan Hoeppner: > Wietse Venema put forth on 8/23/2010 10:11 AM: > > Noel Jones: > > > (Might be time to revisit DNS whitelists in > >> postfix.) > > > > Maybe someone can draft a strawman user interface: > > > > - what is the configuration syntax > > > > - what does that syntax mean > > > > -

Re: DNS Whitelisting

2010-08-24 Thread Noel Jones
On 8/24/2010 1:36 PM, Stan Hoeppner wrote: Wietse Venema put forth on 8/23/2010 10:11 AM: Noel Jones: (Might be time to revisit DNS whitelists in postfix.) Maybe someone can draft a strawman user interface: - what is the configuration syntax - what does that syntax mean - how to make it

Re: DNS Whitelisting

2010-08-24 Thread Stan Hoeppner
Wietse Venema put forth on 8/23/2010 10:11 AM: > Noel Jones: > (Might be time to revisit DNS whitelists in >> postfix.) > > Maybe someone can draft a strawman user interface: > > - what is the configuration syntax > > - what does that syntax mean > > - how to make it safe ( we don't want "ope