On 2021-11-04 7:07 a.m., Larry M. Smith via mailop wrote:
On 11/3/2021, Nicolas JEAN via mailop wrote:
On 15/10/2021 23:22, Paul Gregg via mailop wrote:
(snip)
Sorry for the late reply.

The trick to this is not to limit by IP address - but to implement
service (API) keys.

e.g. each authorised user is given a key e.g. sj3Fa3Gomd937Z12

Then they make queries for 44.33.22.11.sj3Fa3Gomd937Z12.myserver.example.com.

That way you don't care what IP it comes from, but you know who it is.

Nice trick. :)

Unfortunately, it seems that it would require modifications to e.g. postfix, or other software, in order to add that identifying string to the DNS query. Still an idea to keep in mind. Because of how DNS works, the source IP address isn't available anyway in a usual, unmodified postfix DNS query.

Isn't this how Spamhaus runs their DQS service?


I do believe so ;) It isn't a perfect secret key of course, more of an obfuscated key, but it is an easy way to discourage abuse, and allows queries to be allowed via shared or open resolvers in a way that a single end point query does not.

While not perfect, it is a smart technique. The only thing is the actual DNS server itself has to either be modified to parse and check the key, or it has to set up a 'zone' dynamically as people register for their keys. If the latter of course, you could have a very large set of zones to be maintained, if you are popular enough, one for each registered user.





--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
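
Added example, not part of the original thread and not Spamhaus's or any poster's code: a sketch of the "modify the DNS server to parse and check the key" option discussed above, showing the decision a server would make for an IPv4 query name with the key as a label. The zone and key are the thread's example values; the key table, the listed-address set, the function names, the conventional reversed-octet order and the 127.0.0.2 answer are assumptions.

```python
import hmac
import ipaddress

ZONE = "myserver.example.com"              # zone name from the thread's example
# Constructed sample data: key -> account, and the set of listed addresses.
API_KEYS = {"sj3Fa3Gomd937Z12": "customer-a"}
LISTED = {ipaddress.IPv4Address("11.22.33.44")}


def lookup_key(candidate):
    """Return the account that owns a key label, or None if it is unknown."""
    account = None
    for key, owner in API_KEYS.items():
        # DNS names are case-insensitive and resolvers may rewrite case,
        # so a key carried in a label can only be compared case-folded.
        if hmac.compare_digest(key.lower().encode(), candidate.lower().encode()):
            account = owner
    return account


def answer(qname):
    """Return (rcode, account, address) for a keyed IPv4 DNSBL query name."""
    name = qname.rstrip(".").lower()
    suffix = "." + ZONE
    if not name.endswith(suffix):
        return ("REFUSED", None, None)     # not a name in our zone
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 5:                   # four octets plus one key label
        return ("NXDOMAIN", None, None)
    *octets, key = labels
    account = lookup_key(key)
    if account is None:
        return ("REFUSED", None, None)     # unknown or revoked key
    try:
        # Assumption: octets are in the usual reversed DNSBL order.
        ip = ipaddress.IPv4Address(".".join(reversed(octets)))
    except ipaddress.AddressValueError:
        return ("NXDOMAIN", account, None)
    if ip in LISTED:
        return ("NOERROR", account, "127.0.0.2")
    return ("NXDOMAIN", account, None)     # valid key, address not listed
```

Returning the account alongside the answer is what makes per-key accounting and revocation possible regardless of which resolver relayed the query.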
