That was discussed in a previous topic on this mailing list, but it can be
done with:

askdns DNSWL_DWL_HI _DKIMDOMAIN_.dwl.dnswl.org A /^127\.\d+\.\d+\.3/
tflags DNSWL_DWL_HI nice net
describe DNSWL_DWL_HI dwl.dnswl.org high trust
score DNSWL_DWL_HI -3

askdns DNSWL_DWL_MED _DKIMDOMAIN_.dwl.dnswl.org A /^127\.\d+\.\d+\.2/
tflags DNSWL_DWL_MED nice net
describe DNSWL_DWL_MED dwl.dnswl.org medium trust
score DNSWL_DWL_MED -1.5

askdns DNSWL_DWL_LOW _DKIMDOMAIN_.dwl.dnswl.org A /^127\.\d+\.\d+\.1/
tflags DNSWL_DWL_LOW nice net
describe DNSWL_DWL_LOW dwl.dnswl.org low trust
score DNSWL_DWL_LOW -0.2


(I don't include DNSWL_DWL_NONE in my rulesets at all, so I can't copy
paste that to you, but it is the same thing but with a 0 for the last octet)

On Mon, Nov 27, 2017 at 7:19 AM, John Wilcock <j...@tradoc.fr> wrote:

>>> My SA platform has very good results with thousands of
>>> whitelist_auth entries but 98% of the SA users are not going to
>>> know to create/manage these entries themselves.  Combined with
>>> other rules this also helps with spoofing legit senders like the
>>> IRS, Bank of America, etc.  I am not suggesting we put thousands of
>>> entries in the new 60_whitelist_auth.cf but the common,
>>> high-profile, large senders that often get spoofed.
>>>
>>
>> Make it dynamic? At dnswl.org we now also provide domain-based trust
>> info (which should only be applied to properly authenticated domains,
>> obviously).
>>
>
> Can SA do this today (with a dnswl lookup metad with DKIM_VALID or
> similar)? Or would a new plugin be needed to do the job properly?
>
> --
> John
>



-- 
 - Markus
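
Added example, not part of either poster's message and not SpamAssassin's own code: Python that mirrors how the three askdns rules above map an A answer for `<signing domain>.dwl.dnswl.org` to a rule name and score, applied only to domains whose DKIM signature has already verified. The resolver stub, the zone data and the `$`-anchored rule variant are assumptions made for this example.

```python
import re

# Patterns and scores exactly as posted in the message (not end-anchored).
POSTED_RULES = [
    ("DNSWL_DWL_HI",  r"^127\.\d+\.\d+\.3", -3.0),
    ("DNSWL_DWL_MED", r"^127\.\d+\.\d+\.2", -1.5),
    ("DNSWL_DWL_LOW", r"^127\.\d+\.\d+\.1", -0.2),
]
# Assumption: the same rules with "$" appended, so the last octet must match exactly.
ANCHORED_RULES = [(n, p + "$", s) for n, p, s in POSTED_RULES]


def query_name(dkim_domain):
    """Name the askdns rules look up: _DKIMDOMAIN_.dwl.dnswl.org"""
    return dkim_domain.strip().rstrip(".").lower() + ".dwl.dnswl.org"


def evaluate(dkim_domains, resolve, rules=POSTED_RULES):
    """Return (hits, total_score) for already-verified DKIM signing domains.

    dkim_domains: signing domains whose signature verified (empty if none did).
    resolve: callable mapping a query name to a list of A record strings.
    """
    hits = []
    for domain in dkim_domains:
        for answer in resolve(query_name(domain)):
            for name, pattern, score in rules:
                # A rule counts once per message, however many answers match.
                if re.search(pattern, answer) and (name, score) not in hits:
                    hits.append((name, score))
    return hits, round(sum(score for _, score in hits), 2)


# Constructed zone data for the demo; these are not real dwl.dnswl.org answers.
SAMPLE_ZONE = {
    "bank.example.dwl.dnswl.org": ["127.0.5.3"],
    "news.example.dwl.dnswl.org": ["127.0.15.1"],
    "odd.example.dwl.dnswl.org": ["127.0.5.30"],  # last octet only starts with 3
}


def sample_resolve(name):
    """Stand-in resolver: an unlisted name returns no answers."""
    return SAMPLE_ZONE.get(name, [])


if __name__ == "__main__":
    for doms in (["Bank.Example"], ["news.example"], [], ["odd.example"]):
        print(doms, evaluate(doms, sample_resolve),
              evaluate(doms, sample_resolve, ANCHORED_RULES))
```

With no verified signing domain there is nothing to query, so no trust score is applied; the last sample shows that the patterns as posted match on the leading digit of the final octet, while the anchored variant does not.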
