Hi,

I want to use a DNS white list to skip greylisting delays for known
good addresses, which would pass the greylist anyway.
To do this with spamd and OpenSMTPd I wrote a prototype which intercepts
the initial SYN packet from any non-whitelisted IP. It then queries DNS
whitelists and on any positive reply it whitelists the IP. The SYN
packet is dropped. Any sane SMTP server will very shortly resend the
SYN and get through to OpenSMTPd.
This program is only a proof-of-concept. I think the same functionality
could be integrated into spamd or as a transparent relay into relayd. Is
this a sensible approach?

Christopher


On 2016-03-15 Stuart Henderson <[email protected]> wrote:
> On 2016/03/15 12:55, Craig Skinner wrote:
> > Generally, everything has changed from file feeds to DNS.  
> 
> Yep, because for the more actively maintained ones 1) new entries show
> up more quickly than any sane rsync interval, this is quite important
> for good blocking these days 2) DNS is less resource intensive and
> more easily distributed than rsync, and 3) importantly for the rbl
> providers, it gives additional input to them about new mail sources
> (if an rbl suddenly starts seeing queries from all over the world for
> a previously unseen address, it's probably worth investigation - I am
> sure this is why some of the commercial antispam operators provide
> free DNS-based lookups for smaller orgs).
> 
> A more flexible approach would be to skip the PF table integration
> completely and do DNS lookups in spamd (or, uh, relayd, or something
> new) and based on that it could choose whether to tarpit, greylist or
> transparent-forward the connection to the real mail server. This
> would also give a way to use dnswl.org's whitelist to avoid
> greylisting for those hosts where it just doesn't work well (gmail,
> office365 etc).
> 



-- 
http://gmerlin.de
OpenPGP: http://gmerlin.de/christopher.pub
2779 7F73 44FD 0736 B67A  C410 69EC 7922 34B4 2566
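
An added sketch of the lookup discussed in this thread (not Christopher's prototype and not spamd code): it builds the DNS whitelist query name for an IP, interprets the reply, and produces the pfctl command that would add the IP to a table. The zone `list.dnswl.org`, the table name `spamd-white`, the reply layout (127.0.x.y with a last octet of 0-3 as trust level, anything else meaning the query was refused) and the sample replies are assumptions.

```python
import ipaddress
import socket

ZONE = "list.dnswl.org"   # assumed zone name for dnswl.org; not given in the thread
PF_TABLE = "spamd-white"  # assumed pf table consulted before the greylisting redirect

def dnswl_name(ip, zone=ZONE):
    """Query name: reversed octets (IPv4) or reversed nibbles (IPv6), then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def system_resolve(name):
    """A records for name; [] on NXDOMAIN, timeout or any other resolver error."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def is_whitelisted(ip, resolve=system_resolve, min_trust=1):
    """True only for a genuine listing; every other outcome leaves greylisting in place."""
    for answer in resolve(dnswl_name(ip)):
        octets = [int(o) for o in answer.split(".")]
        if octets[:2] != [127, 0]:
            continue  # not a list reply, e.g. a resolver that rewrites NXDOMAIN
        if octets[3] > 3:
            continue  # assumed refusal marker (such as 255): must not whitelist
        if octets[3] >= min_trust:
            return True
    return False

def pf_add_command(ip):
    """argv that adds the (validated) address to the pf table; not executed here."""
    return ["pfctl", "-q", "-t", PF_TABLE, "-T", "add", str(ipaddress.ip_address(ip))]

# Constructed sample replies keyed by query name (documentation addresses, not real listings).
SAMPLE = {
    "10.2.0.192.list.dnswl.org": ["127.0.5.2"],      # listed, trust level 2
    "7.100.51.198.list.dnswl.org": ["127.0.0.255"],  # lookup refused
    "9.113.0.203.list.dnswl.org": ["203.0.113.1"],   # rewritten NXDOMAIN
}

def sample_resolve(name):
    return SAMPLE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.9"):
        print(ip, is_whitelisted(ip, sample_resolve))
```

Treating only a well-formed listing as positive matters here because a refused or rewritten answer would otherwise whitelist every sender.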
