On May 22, 2007, at 2:09 AM, Cami Sardinha wrote:
>>
>> I'd love to see a solution where recipients of outbound messages
>> could have some combination of the server(s) MX'd for their domain -
>> or in policyd fashion, a configurable number of quads of that/those
>> server's IP addresses - automatically greylisted/whitelisted? Maybe
>> you go simple and only use the address of the server that actually
>> receives the message as the basis for auto(g/w)listing, or maybe you
>> expand all available MX or A records for the RHS of the address.
>
> Have you read policyd.conf?

Sure, but this doesn't address the issue for me. I'm looking for a solution that would immediately whitelist a remote host if a valid, authenticated sender from my server successfully relays a message to that host to avoid the return greylisting process when the recipient replies. Unless I'm misunderstanding the implementation, it appears that there's no way to automatically add a remote host's entry to the whitelisting table without at least one initial greylist round trip.

Something like this:

  me -> SMTP/TLS/SASL -> my smtp server -> recipient gets autowhitelisted -> delivery to recipient's smtp server

On May 22, 2007, at 8:33 AM, David Beveridge wrote:
> To do exactly what you asked for is difficult because the
> destination host, A or MX details are not passed as a
> parameter from postfix to the policy daemon.

OK, I thought that might be the case. The two possible solutions to this that come to mind are to either add the recipient's address to 'whitelist_sender', or parse the RHS of the recipient's address for destination MX/A/[dotted.quad] records and add the results to 'whitelist' as we've been describing.

Actually, the recipient/sender-based approach wouldn't be terrible if you were to set a short expiration for that entry and then hint policyd with another column in whitelist_sender (autorecipient?) that the next incoming message from that recipient should add a host whitelist entry. The whitelist_sender entry would drop off shortly thereafter and you'd be left with a valid host entry in the whitelist table. While it would create a small vulnerability for a brief period of time, the risk seems nominal and this approach spares the overhead and possible inaccuracies associated with guessing a sender's outbound SMTP server's address.

Thoughts?

--
Eric A. Litman
+1-703-852-0582 (voice, fax)
http://www.litman.org/
AIM: EricAustinLitman | Skype: EricLitman
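
The flow proposed in the message above, as an added sketch that is not part of the original post and not policyd's own code: an in-memory model of the 'whitelist_sender' and 'whitelist' tables with the suggested 'autorecipient' hint. The class and method names, the TTL value, and the one-shot consumption of the temporary entry are assumptions; `sasl_username`, `recipient`, `sender` and `client_address` are the attributes Postfix passes to a policy daemon.

```python
import ipaddress

SENDER_TTL = 3600  # assumed "short expiration" (seconds) for the temporary entry


class AutoWhitelist:
    """Hypothetical stand-in for the whitelist_sender and whitelist tables."""

    def __init__(self, sender_ttl=SENDER_TTL):
        self.sender_ttl = sender_ttl
        self.whitelist_sender = {}  # address -> (expires_at, autorecipient)
        self.whitelist = set()      # client hosts that skip greylisting

    def outbound(self, sasl_username, recipient, now):
        """Authenticated relay: remember the recipient as a short-lived sender."""
        if not sasl_username:       # only SASL-authenticated mail may seed entries
            return False
        self.whitelist_sender[recipient.lower()] = (now + self.sender_ttl, True)
        return True

    def inbound(self, client_address, sender, now):
        """Return 'pass' (skip greylisting) or 'greylist' for an incoming message."""
        host = str(ipaddress.ip_address(client_address))  # rejects malformed input
        if host in self.whitelist:
            return "pass"
        key = sender.lower()
        entry = self.whitelist_sender.get(key)
        if entry is None:
            return "greylist"
        expires_at, autorecipient = entry
        # Assumption beyond the post: the entry is consumed on first use, so the
        # unauthenticated envelope sender can promote at most one host per relay.
        del self.whitelist_sender[key]
        if now >= expires_at:       # the window has closed: normal greylisting
            return "greylist"
        if autorecipient:           # the hint: promote the replying host
            self.whitelist.add(host)
        return "pass"
```

The promotion is keyed on the envelope sender, which the receiving side cannot authenticate, so the TTL and the one-shot removal are what bound the exposure window the message mentions.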