Viktor Dukhovni wrote on 2020-03-13 18:48:
On Sat, Mar 14, 2020 at 01:16:09AM +0000, Paul Vixie wrote:
...
But you don't actually have to hinder forwarding of your email by
publishing SPF, another option is to use only IPv4 when sending email
via google's MX hosts. This can be done by hiding the AAAA records of
the Google MTAs from Postfix (my below adaptation of the example uses
the PCRE "x" option to make the filter more readable):
http://www.postfix.org/postconf.5.html#smtp_dns_reply_filter
/etc/postfix/main.cf:
pcre = pcre:${config_directory}/
smtp_dns_reply_filter = ${pcre}smtp_dns_reply_filter
/etc/postfix/smtp_dns_reply_filter:
# /domain ttl IN AAAA address/ action, all case-insensitive.
# Note: the domain name ends in ".".
/^\S+\.google\.com\. \s+ \S+ \s+ IN \s+ AAAA \s+/x IGNORE
/^\S+\.smtp\.goog\. \s+ \S+ \s+ IN \s+ AAAA \s+/x IGNORE
that is delightfully unhinged, but i would sooner call joe abley on the
phone then to put PCRE's into config files trying to filter out
dig-format DNS records. thanks for the cackle, though.
--
P Vixie
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
