Alessandro Vesely writes:

I think we may additionally need two things:

1. A mechanism to skip performing some lookups in case some other ones already succeeded. Currently, only if a given variable is already set, the corresponding lookup is skipped.

This seems trivial. The lookup can also be skipped if some other variable is also already set. The whitelists can be arranged to be looked up first, followed by blacklists.

The real challenge here is to come up with a sane syntax to specify all of this.

2. A mechanism to pass (some of) these variables to global filters. (Values /from/ global filters can be set via header fields, but variable-passing can also be devised to work both ways.)

I think that the best way is to record this metadata into an additional header, than the filter can check. Thinking it over in my ahead, I think this would be the easiest approach, and all the change can be bundled in courieresmtpd, so that the command line sendmail injection point, or the shared codepath between the two, does not need to be overengineered for that.

Spamhaus have announced their whitelist as the dawn of a new era. In facts, the IPv4 is on the ropes and DNSBL technology cannot go to IPv6 as-is. (Let me quote just one phrase from John Levine, 26 Aug 2009:

   At one address per millisecond, it would take 500 million years to
   run through a /64.
      http://www.ietf.org/mail-archive/web/asrg/current/msg15743.html)

I do not understand what the problem is. Wildcard DNS entries will work fine. You just put a wildcard record for the /64. End of story.

Let's blacklist j.root-servers.net:

j.root-servers.net.     401788  IN      AAAA    2001:503:c27::2:30

Expanding this gives 2001:0503:0c27:0000/64. I can't think of any reason why this cannot be recorded as

*.00.00.27.0c.03.05.01.20.blacklist.example.com TXT "Whatever"

This presumes that, for consistency, hex is used at the octet-level granularity for IPv6. Decimal can be used equally well.

I see no reason why this won't work.



Attachment: pgpJY4gKWHAhO.pgp
Description: PGP signature

------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to