On Tuesday at 12:33PM Eric wrote:

> I'd love to see a solution where recipients of outbound messages  
> could have some combination of the server(s) MX'd for their domain -  
> or in policyd fashion, a configurable number of quads of that/those  
> server's IP addresses - automatically greylisted/whitelisted? Maybe  
> you go simple and only use the address of the server that actually  
> receives the message as the basis for auto(g/w)listing, or maybe you  
> expand all available MX or A records for the RHS of the address.
> 
> Has anyone played with this idea?
> 

Yes, I have, although I kind of whitelisted using a different method.
I tried it by whitelisting SPF PASS and SPF Guess PASS.
See http://openspf.org

This has a few problems, though.  If you do it then you lose 
the rate limiting of the whitelisted sites, and if a spammer is 
smart enough to publish their own SPF record and then send 
their emails from there, then it would be accepted through.

On the plus side though it does mean that you automatically 
whitelist all email that comes from either the published SPF 
sources or the A or MX for the domain where no SPF record exists.

To do this, you would use two policies in your main.cf:
SPF first, with accept for PASS and guessing enabled,
then the greylist policy following after.

To do exactly what you asked for is difficult because the 
destination host, A or MX details are not passed as a 
parameter from postfix to the policy daemon.  
Code would have to be written to look all that up in the DNS.  
Therefore the SPF provides a similar 
thing without having to write as much code.

In the end after some testing, I decided to reverse the 
policies around and only use SPF after greylisting.
This is because I really use policyd as a rate limiter,
and I have another greylisting policy that I use later 
on in the process, which does some other stuff,
e.g. greylisting people with no PTR or MX record,
or PTR records that don't have matching A records.

Perhaps if it could work just on sites you have already
communicated with (as you proposed),
the collateral damage would be less.

I'll have to think about whether or not I have time to write 
the MX lookup code and if I can justify it.

regards,
dave.
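As an added example, not code from the original message or from the policyd project: a small Python sketch of the MX-lookup auto-whitelisting Eric asked for and dave describes as code that would have to be written. It speaks the Postfix policy delegation protocol (name=value lines ended by a blank line, answered with an action= line), treats authenticated (SASL) submissions as outbound, resolves the recipient domain's MX hosts (falling back to the domain's own A record where no MX exists) and whitelists the resulting addresses by a configurable number of quads, policyd-style. The resolver is injected and the DNS table, addresses and sample requests are constructed so it runs offline; names such as MxAutoWhitelist and FAKE_DNS are my own and not part of any real tool.

```python
"""Auto-whitelist for greylisting keyed on the MX/A records of domains we send to.

Added example; assumes the Postfix policy-delegation protocol (name=value lines,
blank-line terminated, answered with "action=...\n\n"). The resolver is injected
so the logic runs offline against a constructed DNS table.
"""
import ipaddress
from typing import Callable, Dict, List, Set

# Constructed DNS data for illustration (hypothetical names and documentation IPs).
FAKE_DNS: Dict[tuple, List[str]] = {
    ("example.org", "MX"): ["mx1.example.org", "mx2.example.org"],
    ("mx1.example.org", "A"): ["198.51.100.10"],
    ("mx2.example.org", "A"): ["203.0.113.25"],
    ("nomx.example", "A"): ["192.0.2.7"],  # no MX record: fall back to the A record
}


def fake_resolve(name: str, rrtype: str) -> List[str]:
    """Stand-in for a DNS lookup; returns [] where the record does not exist."""
    return FAKE_DNS.get((name.lower(), rrtype), [])


def parse_policy_request(raw: str) -> Dict[str, str]:
    """Parse one Postfix policy request: name=value lines, terminated by a blank line."""
    attrs: Dict[str, str] = {}
    for line in raw.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def format_response(action: str) -> str:
    """Wire format Postfix expects back from a policy server."""
    return f"action={action}\n\n"


class MxAutoWhitelist:
    def __init__(self, resolve: Callable[[str, str], List[str]], quads: int = 3):
        self.resolve = resolve
        self.quads = quads  # 3 quads -> /24, 4 quads -> exact host (IPv4 only)
        self.allowed: Set[ipaddress.IPv4Network] = set()

    def _network(self, ip: str) -> ipaddress.IPv4Network:
        return ipaddress.ip_network(f"{ip}/{8 * self.quads}", strict=False)

    def mail_hosts(self, domain: str) -> List[str]:
        """IPv4 addresses of the domain's MX hosts, or of the domain itself if no MX."""
        hosts = self.resolve(domain, "MX") or [domain]
        ips: List[str] = []
        for host in hosts:
            ips.extend(self.resolve(host, "A"))
        return ips

    def learn_outbound(self, recipient: str) -> Set[ipaddress.IPv4Network]:
        """Outbound mail to recipient: whitelist that domain's mail hosts for inbound."""
        domain = recipient.rpartition("@")[2].lower()
        nets = {self._network(ip) for ip in self.mail_hosts(domain)}
        self.allowed |= nets
        return nets

    def is_whitelisted(self, client_address: str) -> bool:
        addr = ipaddress.ip_address(client_address)
        return any(addr in net for net in self.allowed)

    def decide(self, attrs: Dict[str, str]) -> str:
        if attrs.get("request") != "smtpd_access_policy":
            return "dunno"
        if attrs.get("sasl_username"):  # authenticated submission = outbound
            self.learn_outbound(attrs.get("recipient", ""))
            return "dunno"
        if self.is_whitelisted(attrs.get("client_address", "0.0.0.0")):
            return "dunno"  # known correspondent: hand on to the next restriction
        return "defer_if_permit Greylisted, please try again later"


# Constructed sample requests, as Postfix would hand them to the policy socket.
OUTBOUND = ("request=smtpd_access_policy\nprotocol_state=RCPT\nclient_address=10.0.0.5\n"
            "sasl_username=alice\nsender=alice@mail.example\nrecipient=bob@example.org\n\n")
INBOUND_KNOWN = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
                 "client_address=198.51.100.77\nsasl_username=\n"
                 "sender=bob@example.org\nrecipient=alice@mail.example\n\n")
INBOUND_UNKNOWN = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
                   "client_address=192.0.2.200\nsasl_username=\n"
                   "sender=eve@unknown.example\nrecipient=alice@mail.example\n\n")


def demo() -> List[str]:
    """Run the three constructed requests through one whitelist instance, in order."""
    wl = MxAutoWhitelist(fake_resolve, quads=3)
    return [wl.decide(parse_policy_request(r)) for r in (OUTBOUND, INBOUND_KNOWN, INBOUND_UNKNOWN)]


if __name__ == "__main__":
    for action in demo():
        print(format_response(action), end="")
```

Wired in as a `check_policy_service` entry ahead of the greylisting policy in smtpd_recipient_restrictions, the inbound `dunno` simply lets the next restriction decide, so the whitelist can sit in front of the existing greylister without replacing it. Note the same caveat dave raises for SPF: anything that bypasses greylisting also bypasses its rate limiting for those hosts, and with 3 quads a whole /24 around the remote MX is trusted.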




_______________________________________________
policyd-users mailing list
policyd-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/policyd-users
