Thanks Miles, but I am not sure that this is what I am looking for. My client's users will already have authenticated to access the data network, but all that remains to identify them is the IP address that they were assigned for that session. The data network guys have added code to update a DNS with both the IP and the original authentication string provided by the user. When one of these dynamically assigned IPs connects to our SMTP server we want to be able to look up the auth string in the DNS and check this against a blacklist.
It is not considered acceptable to force the users to authenticate a second time when they want to send email. We must accept the network authentication as being valid (it is, our problem is not unauthenticated users, but authenticated users who perform unauthorized actions like spamming) and then impose our own rules of behavior on those users by blacklisting them.

mike

On 12/27/06, Miles Fidelman <[EMAIL PROTECTED]> wrote:
Mike Kenny wrote:
> A client of mine provides an email service to a number of mobile
> users. This leaves my client open to abuse as addresses are assigned
> dynamically and blocking specific users is difficult. We have set up
> an internal, private DNS which we update with the authentication
> details of the user and the IP assigned to him/her at that time. We
> now want to configure postfix/spamassassin to query this DNS and
> return the authentication details. This will allow us to blacklist the
> abusive users until they re-register (at a cost) and should help us
> fight the proliferation of spam.
>
> How best can this be done? It is not enough that the IP is in the DNS,
> we expect it to be and we do not want to blacklist based on the IP.
> We actually need to get the authentication details back and look these
> up in a blacklist. So how do we configure postfix or spamassassin to
> look up

Mike,

You're barking up the wrong tree. There are several well-established mechanisms specifically designed to authenticate mobile users to email systems.

What you want is SMTP AUTH, possibly w/ TLS. Look at the Wikipedia entries for SMTP-AUTH and SASL, and then look at the Postfix howtos.

Miles Fidelman
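
Added example, not part of the thread and not code from either poster or from Postfix: the lookup Mike describes, written as the decision logic of a Postfix policy delegation service (the name=value request format documented in SMTPD_POLICY_README). The zone name, the reversed-octet record layout, the TXT payload and all sample data are assumptions, and the DNS query is passed in as a function so the block runs offline.

```python
import ipaddress

ZONE = "sessions.internal.example"  # hypothetical private zone


def parse_policy_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def session_name(ip, zone=ZONE):
    """Lookup name for an IPv4 client (assumed layout: reversed octets + zone)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def decide(attrs, lookup_txt, blacklist):
    """Map client IP -> auth string -> blacklist verdict, as a Postfix action."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    try:
        name = session_name(attrs.get("client_address", ""))
    except ValueError:
        return "DUNNO"  # not an IPv4 session address; leave it to other rules
    records = lookup_txt(name)
    if not records:
        # The thread expects every session IP to be registered, so a miss
        # is treated as a temporary failure rather than as permission.
        return "DEFER_IF_PERMIT Session lookup failed"
    auth = records[0].strip().lower()
    return "REJECT Account suspended" if auth in blacklist else "DUNNO"


def respond(request_text, lookup_txt, blacklist):
    """Full reply as sent back to smtpd: one action line plus an empty line."""
    attrs = parse_policy_request(request_text)
    return "action=" + decide(attrs, lookup_txt, blacklist) + "\n\n"


# Constructed sample data (not taken from the thread).
SAMPLE_TXT = {"7.2.0.10." + ZONE: ["subscriber-0007"],
              "8.2.0.10." + ZONE: ["subscriber-0008"]}
SAMPLE_BLACKLIST = {"subscriber-0007"}
SAMPLE_REQUEST = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
                  "client_address=10.0.2.7\n\n")
```

Postfix would reach such a service through `check_policy_service` in an smtpd restriction list; because the verdict is keyed on the auth string, a blocked subscriber stays blocked when the next session hands out a different IP.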