Monsieur Gilles,
> helo misc@,
>
> I wrote an article a few days ago:
>
> https://poolp.org/posts/2018-12-06/opensmtpd-proc-filters-fc-rdns/
>
>
> Since then, I implemented the check-fcrdns builtin filter allowing us to
> filter incoming sessions that do not have a valid FCrDNS.
>
> How does it work ?
>
> 1- configure your listener to be filtered
> 2- add a filter hook on whatever phase you want to trigger the check on
>
> [...]
> listen on all filter
>
> filter smtp-in connect check-fcrdns disconnect "550 GO AWAY, PUNK"
> [...]
>
> This will result in smtpd replacing the welcome banner with the message,
> then dropping the client connection if they don't have a reverse DNS and
> a matching forward DNS. You can apply the check at further phases if you
> need to log more details, this is up to you.
Thank you for the check-fcrdns filter. Would it be possible for you to
please share your thoughts on the filter, specifically the checks that
the filter performs.

Given a client IP 29.3.20.19 trying to send email, which of these
checks will the filter perform?

i) Resolve 29.3.20.19 to the set of hostnames. If no hostname is
returned, reject connection.

ii) Suppose 29.3.20.19 resolves to { brexit.eu, reunite.uk }. Next
resolve the set of hostnames to a set of IP addresses. If no IP address
is returned for any of the hostnames, reject connection.

iii) Suppose some hostnames do resolve to a set of IP addresses. If
29.3.20.19 is not present in the set of IP addresses, reject connection.

In case I have understood this incorrectly, I apologize. I have based
this flow on my understanding of the "reject_unknown_client_hostname"
feature of Postfix [1].

Merci Beaucoup / Danke Schön / Arigatou Gozaimasu / Dhanyavaad.

Regards,
ab

[1] - http://www.postfix.org/postconf.5.html
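
The three-step flow (i to iii) asked about in the message above, as an added example that is not part of the original post and is not OpenSMTPD's or Postfix's code. The lookup tables are constructed sample data and the function names are hypothetical; a real check would query DNS instead of the dictionaries.

```python
import ipaddress

# Constructed sample records (not real DNS data), keyed as a resolver would be.
PTR = {
    "29.3.20.19": ["brexit.eu", "reunite.uk."],   # reverse and forward agree
    "29.3.20.20": ["nowhere.example"],            # PTR exists, name has no address
    "29.3.20.21": ["brexit.eu"],                  # PTR points at someone else's name
    "2001:db8::1": ["mx.example"],                # IPv6 client
}
FWD = {
    "brexit.eu": ["29.3.20.19"],
    "reunite.uk": ["198.51.100.7"],
    "mx.example": ["2001:0DB8:0:0:0:0:0:1"],      # same address, different spelling
}

def lookup_in(table):
    """Wrap a dict as a lookup function returning a (possibly empty) list."""
    return lambda key: table.get(key, [])

def check_fcrdns(client_ip, ptr_lookup, fwd_lookup):
    """Return (accepted, reason) for the flow i) -> ii) -> iii)."""
    ip = ipaddress.ip_address(client_ip)
    # i) reverse lookup: no hostname at all means reject
    names = ptr_lookup(str(ip))
    if not names:
        return False, "no-rdns"
    # ii) forward lookup of every returned name; collect parsed addresses
    addrs = set()
    for name in names:
        for text in fwd_lookup(name.rstrip(".").lower()):
            try:
                addrs.add(ipaddress.ip_address(text))
            except ValueError:
                continue  # ignore malformed answers
    if not addrs:
        return False, "no-forward"
    # iii) the client address must be among the forward results; comparing
    # parsed addresses avoids false mismatches on IPv6 text forms
    if ip not in addrs:
        return False, "mismatch"
    return True, "ok"

ptr, fwd = lookup_in(PTR), lookup_in(FWD)
```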