>Here's the same script without the stupid dupes in the "for" items,
>sorted, and in multiline format for easier reading:
>
>/usr/local/bin/mx_mysender.sh :
>
>#!/bin/sh
>
>cp /dev/null /var/tmp/mx_mysender.tmp
>
>for tld in \
> ac\
> cc\
> com\
> cx\
> mp\
> museum\
> net\
> nu\
> ph\
> pw\
> sh\
> td\
> tk\
> tm\
> ws ; do
>
>echo $tld
>
>/usr/bin/dig "*.$tld" +noau +noad |\
> awk '/^\*\./ { print $5}' |\
> awk '{print $1" reject wildcard_tld"}' \
> >> /var/tmp/mx_mysender.tmp
>
>done
>
>/usr/bin/sort -f < /var/tmp/mx_mysender.tmp | uniq -i > /var/tmp/mx_mysender.map
>
>cp /var/tmp/mx_mysender.map /etc/postfix/mx_mysender.map
>
>/usr/sbin/postmap /etc/postfix/mx_mysender.map
>
>exit 0
I was updating the above script to add in 3 more TLDs that have jumped on
the Verisign let's_rape_DNS bandwagon, and I thought I'd go ahead and have the
same script update the include file deleg-only.conf used by BIND9 on the
same machine.
well, guess what?
1. the above + options for dig 8 were not preserved in dig9, sorry. but
there's worse...
2. when dig runs on a machine where resolv.conf lists a BIND9 that supports
zone delegation-type zones, dig8 or 9 fails to get any answer from BIND9
for the wildcard TLDs, so we can't update the postfix.map file with the IPs.
So, just in case you wonder why the above script doesn't work for you ...
anyway, here's the deleg-only.conf include file:
zone "ac" { type delegation-only; };
zone "bz" { type delegation-only; };
zone "cc" { type delegation-only; };
zone "cn" { type delegation-only; };
zone "com" { type delegation-only; };
zone "cx" { type delegation-only; };
zone "mp" { type delegation-only; };
#zone "museum" { type delegation-only; };
zone "net" { type delegation-only; };
zone "nu" { type delegation-only; };
zone "ph" { type delegation-only; };
zone "pw" { type delegation-only; };
zone "sh" { type delegation-only; };
zone "td" { type delegation-only; };
zone "tk" { type delegation-only; };
zone "tm" { type delegation-only; };
zone "tw" { type delegation-only; };
zone "ws" { type delegation-only; };
I've commented out museum, apparently they want it like that, and .museum
domain owners are happy, too. so if you start getting a bunch of HELO and
@sender.domains like aljfaæljfaljfd.museum, you know why.
for the mx_mysenders.map file:
194.205.62.122 REJECT AC wildcard_tld
216.220.34.101 REJECT BZ wildcard_tld
206.253.214.102 REJECT CC wildcard_tld
159.226.7.162 REJECT CN wildcard_tld
64.94.110.11 REJECT com wildcard_tld
219.88.106.80 REJECT CX wildcard_tld
202.128.12.163 REJECT MP wildcard_tld
#195.7.77.20 REJECT museum. wildcard_tld
64.94.110.11 REJECT net wildcard_tld .
212.181.91.6 REJECT NU wildcard_tld
64.55.105.9 REJECT NU wildcard_tld
203.119.4.6 REJECT PH wildcard_tld
wfb.dnsvr.com. REJECT PW wildcard_tld
194.205.62.62 REJECT SH wildcard_tld
www.nic.TD. REJECT TD wildcard_tld
195.20.32.83 REJECT TK wildcard_tld
195.20.32.86 REJECT TK wildcard_tld
194.205.62.42 REJECT TM wildcard_tld
203.73.24.11 REJECT TW wildcard_tld
216.35.187.246 REJECT WS wildcard_tld
If you use BIND9 having delegation-only zones, you don't really need to do
the postfix .map, fixing one place or the other suffices.
Len
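
Added example, not part of the original post or of either poster's script: one way to produce both files from the same TLD list while refusing to install an empty map, which is what the original script would do when dig gets no answer behind a delegation-only BIND9. The function names and the resolver argument to query_wildcard are assumptions; "+noall +answer" is the dig 9 option pair for printing only the answer section.

```shell
#!/bin/sh
# Added example, not code from the original post.

# Read dig answer-section text on stdin and print one Postfix map line per
# distinct wildcard target ("*.<tld>." A or CNAME records only).
map_lines() {
    awk -v tld="$1" '
        tolower($1) == ("*." tld ".") && ($4 == "A" || $4 == "CNAME") {
            print $5 " REJECT " tld " wildcard_tld"
        }' | sort -fu
}

# Print a BIND9 delegation-only zone statement for each TLD argument.
deleg_only_conf() {
    for t in "$@"; do
        printf 'zone "%s" { type delegation-only; };\n' "$t"
    done
}

# Ask one resolver for a TLD wildcard. $2 is an assumed resolver that does
# not apply delegation-only filtering (placeholder, supply your own).
query_wildcard() {
    dig "@$2" "*.$1" A +noall +answer
}

# Install the new map only when it has content, so an empty dig result
# (the delegation-only failure described above) cannot wipe the live map.
install_if_nonempty() {
    [ -s "$1" ] || { echo "empty map, keeping $2" >&2; return 1; }
    cp "$1" "$2"
}
```

A run would pipe `query_wildcard <tld> <resolver>` into `map_lines <tld>` for each TLD, collect the output in a temporary file, and call `install_if_nonempty` before `postmap`.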