On Thu, Oct 16, 2008 at 04:39:58PM +0200, mouss wrote:
> >   (a) Match an IP address whose reverse DNS matches 'domain.tld'.
> 
> This can't be trusted. Nobody can use this for access control.

Indeed.

> >   (c) Match an IP address which is listed as one of the results for an
> >       A-record lookup of 'domain.tld'.
> 
> You can exclude this by yourself: if I use a pcre (or regexp) map, would
> Postfix try all possible strings that match all the regular expressions,
> do a DNS lookup until it finds a match???

That argument doesn't follow. This isn't a pcre map, it's a DNS map.

> "matches domain.tld" means that the rDNS matches this, and rDNS is only
> used if it is "forward confirmed".

Thanks.

> choice 1: give all the IPs the same rDNS.
> choice 2: give each an rDNS in a specific subdomain

It's not under my control; unfortunately, I can't do this.
It appears Postfix is inferior to Exim here :-(

> choice 3: use a script to generate a cidr map from the zone file, and
> run the script whenever the zone file is updated.

I suppose I'll have to hack something together, yes.

Thanks for your reply.
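
Choice 3 from the quoted reply, as an added example that is not code from this thread or from Postfix: a generator that reads A records for one name out of a zone file and emits Postfix cidr table lines. The sample zone, the function names, the one-record-per-line assumption and the `OK` action are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample zone (documentation address ranges), not from the thread.
SAMPLE_ZONE = """\
$ORIGIN domain.tld.
$TTL 3600
@        IN  A     192.0.2.10
         IN  A     192.0.2.11   ; owner inherited from previous record
@        IN  MX    10 mail
mail     300 IN A  198.51.100.5
www      IN  A     203.0.113.7
bad      IN  A     999.1.1.1    ; malformed address, must be skipped
"""

def a_records(zone_text, default_origin="domain.tld."):
    """Yield (fqdn, IPv4Address) for each valid single-line A record."""
    origin, owner = default_origin, None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        tokens = line.split()
        if tokens[0].upper() == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0].startswith("$"):             # $TTL and other directives
            continue
        if not raw[0].isspace():                  # owner name in column 0
            name = tokens.pop(0)
            if name == "@":
                owner = origin
            else:
                owner = name if name.endswith(".") else name + "." + origin
        # Skip the optional TTL and class fields before the record type.
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)
        if owner and len(tokens) >= 2 and tokens[0].upper() == "A":
            try:
                yield owner.lower(), ipaddress.IPv4Address(tokens[1])
            except ipaddress.AddressValueError:
                continue                          # never emit a bad entry

def cidr_map(zone_text, name, action="OK"):
    """Return cidr table lines ('addr/32 action') for the A records of name."""
    want = name.lower().rstrip(".") + "."
    addrs = sorted({ip for fqdn, ip in a_records(zone_text) if fqdn == want})
    return [f"{ip}/32 {action}" for ip in addrs]

if __name__ == "__main__":
    print("\n".join(cidr_map(SAMPLE_ZONE, "domain.tld")))
```

Regenerate the map whenever the zone file changes, as the quoted reply says, so that addresses removed from the zone stop matching.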
