Justin Piszcz
Thu, 10 Jan 2008 12:15:07 -0800
On Thu, 10 Jan 2008, Robert Felber wrote:
On Sun, Dec 23, 2007 at 06:23:11AM -0500, Justin Piszcz wrote:Hi, Was wondering if support for whitelists would be made available in policyd-weight? For example, see: http://www.dnswl.org/ I add it in here: 'list.dnswl.org', 0.00, -5.0, 'DNSWL',change this to 'list.dnswl.org', -5.0, 0, 'DNSWL', The first score is added if the RBL/DNSWL has hit, i.e. the client is listed. If the HIT score is greater than 0 it is treated as a RBL hit, if the score is less than 0 (eg: -1) it is treated as a DNSWL hit.But it still counts as a 'bad' RBL, is there any chance of making a whitelist section where if X number of whitelist RBLs include a certain IP -or- the value is less than X it is allowed? This then leads to a second question, perhaps one wants to place emphasis or weight upon the trust level: Per: http://www.dnswl.org/tech Trustworthiness / Score (127.0.x.Y): * 0 = none - only avoid outright blocking (eg Hotmail, Yahoo mailservers, -0.1) * 1 = low - reduce chance of false positives (-1.0) * 2 = medium - make sure to avoid false positives but allow override for clear cases (-10.0) * 3 = high - avoid override (-100.0). So it would need to be something like: list.dnswl.org ret=127.0.0.0 -5.0 list.dnswl.org ret=127.0.0.1 -3.0 Just an idea.. But the main request is a @whitelist for RBL's to help reduce false positives. Justin. ____________________________________________________________ Policyd-weight Mailinglist - http://www.policyd-weight.org/-- Robert Felber (PGP: 896CF30B) Munich, Germany ____________________________________________________________ Policyd-weight Mailinglist - http://www.policyd-weight.org/
Ah!! Thanks! ____________________________________________________________ Policyd-weight Mailinglist - http://www.policyd-weight.org/