FYI, for the brave...

-------- Original Message --------
Subject: Postfix blacklist by MX or NS host
Date: Wed, 17 Sep 2003 17:14:44 -0400 (EDT)
From: [EMAIL PROTECTED] (Wietse Venema)
To: Postfix announce <[EMAIL PROTECTED]>
CC: Postfix users <[EMAIL PROTECTED]>

This is to announce an unofficial patch for Postfix 2.0 to black-list
domain names by their mail server (such as Verisign's mail server
for non-existent .com or .net domain names) or by their DNS servers.

The patch for Postfix 2.0 is based on code that was developed for
Postfix snapshot 20030917.

    ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.0-ns-mx-acl-patch.gz

Below the signature is a description from the Postfix snapshot
20030917 release notes file.

        Wietse

New check_{helo,sender,recipient}_{ns,mx}_access maptype:mapname
restriction that applies the specified access table to the NS or
MX hosts of the host/domain given in HELO, EHLO, MAIL FROM or RCPT
TO commands. This can be used to block mail from so-called spammer
havens, or from sender addresses that resolve to Verisign's wild-card
mail responder, currently at IP address 64.94.110.11.

    /etc/postfix/main.cf:
        smtpd_mumble_restrictions =
            ...
            reject_unknown_sender_domain
            check_sender_mx_access hash:/etc/postfix/mx_access
            ...

    /etc/postfix/mx_access:
        spammer.haven.tld       reject spammer mx host
        64.94.110.11            reject verisign wild-card domain

Note: OK actions are not allowed for security reasons. Instead of
OK, use DUNNO in order to exclude specific hosts from blacklists.
If an OK result is found for an NS or MX host, Postfix rejects the
SMTP command with "451 Server configuration error".

-- 
Chris Scott
Host Orlando, Inc
http://www.hostorlando.com/
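
Added example, not part of the original message and not Postfix code: a simplified Python model of the decision flow the release note describes for check_sender_mx_access, covering the reject, DUNNO and OK cases. The DNS answers, the .example names, the extra DUNNO entry, parent-domain matching and the host-by-host loop are assumptions of this model.

```python
# Simplified model of check_sender_mx_access (added example, not Postfix code).
# Table entries beyond the two from the release note, and all DNS data, are constructed.

MX_ACCESS = {  # models /etc/postfix/mx_access
    "spammer.haven.tld": "reject spammer mx host",
    "64.94.110.11": "reject verisign wild-card domain",
    "mx-ok.spammer.haven.tld": "DUNNO",  # constructed: exclude one host
}

# Constructed resolver data: sender domain -> [(mx_host, ip), ...]
MX_RECORDS = {
    "typo.example": [("wildcard-mx.example", "64.94.110.11")],
    "customer.example": [("mail.spammer.haven.tld", "192.0.2.10")],
    "friend.example": [("mx-ok.spammer.haven.tld", "192.0.2.20")],
    "clean.example": [("mx.clean.example", "198.51.100.5")],
}


def lookup(table, host, ip):
    """Return the table action for one MX host, or None if nothing matches."""
    labels = host.lower().split(".")
    # Most specific name first, then parent domains (assumed matching mode),
    # then the host's IP address.
    keys = [".".join(labels[i:]) for i in range(len(labels))] + [ip]
    for key in keys:
        if key in table:
            return table[key]  # first (most specific) match wins
    return None


def check_sender_mx_access(sender_domain, table=MX_ACCESS, dns=MX_RECORDS):
    """Return (verdict, text) for the domain given in MAIL FROM."""
    for host, ip in dns.get(sender_domain, []):
        action = lookup(table, host, ip)
        if action is None or action.upper() == "DUNNO":
            continue  # no verdict for this MX host; try the next one
        if action.upper() == "OK":
            # Per the release note: OK is not allowed for NS or MX hosts.
            return ("451", "Server configuration error")
        verb, _, text = action.partition(" ")
        if verb.lower() == "reject":
            return ("REJECT", text)
    return ("DUNNO", "")


if __name__ == "__main__":
    for domain in MX_RECORDS:
        print(domain, check_sender_mx_access(domain))
```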
