* Wietse Venema <postfix-users@postfix.org>:
> Stefan Foerster:
> > Now, "feature request" is actually not the right word - it's more an
> > idea, and probably somebody just needs to tell me it's a bad one.
> > 
> > With the postscreen_dnsbl_sites setting, each site administrator can
> > configure a list of DNS blacklists that new SMTP connections will be
> > checked against (excluding whitelisted hosts). The actual lookups are
> > done by dnsblog(8), and the result is logged by postscreen(8) similar
> > to this:
> > 
> > postfix/postscreen[3074]: DNSBL rank 3 for 210.123.30.94
> > 
> > Would it be a good idea to extend the existing functionality in a way
> > that allows the postmaster to add a "score" for each blacklist and
> > have postscreen(8) drop the connection only if a certain minimum score
> > is reached (and it is configured to drop connections not passing the
> > DNSBL test, of course)? Something like:
> > 
> > postscreen_dnsbl_sites = bl-a.example.com:2
> >    bl-b.example.com:1
> >    bl-c.example.com:2
> > postscreen_dnsbl_score_threshold = 3
> > 
> > (it's probably better to use a hash: or other indexed table to
> > configure those scores)
> > 
> > This is similar to what some policy servers, e.g. policyd-weight, do -
> > with the added benefit that a connection would never reach a real
> > smtpd(8) if the score is exceeded.
> > 
> > Does that sound like a somewhat reasonable idea, or more like b/s?
> 
> I think that a design (the stage before code is written) should
> consider how scoring would play with the other tests that postscreen
> implements, and how it would play with things that I intend to add
> such as light-weight greylisting.
> 
> We can model postscreen-like programs in several ways. In all cases
> the program subjects each SMTP client to a number of tests (permanent
> white/blacklist, RBL lookup, pregreet, greylist, other).

How about a postscreen API to external logic somewhere along the concept of
smtpd policy services?

I recall the flood of anti spam feature requests for smtpd and I can see it
coming back for postscreen.

People might even be able to implement bandwidth throttling where Postfix
provides the data and an external 'postscreen policy' daemon controls firewall
settings.

p...@rick

-- 
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitly required and
justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
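
Added example (not part of the original messages, and not Postfix code): a sketch of the weighted DNSBL scoring proposed in the quoted message, using its "site:weight" syntax and threshold of 3. The function names, the is_listed callback standing in for the dnsblog(8) lookup, and the rule "drop when score >= threshold" are assumptions.

```python
import ipaddress


def parse_dnsbl_sites(value, default_weight=1):
    """Parse whitespace/comma separated 'site[:weight]' entries (proposed syntax)."""
    weights = {}
    for entry in value.replace(",", " ").split():
        site, sep, weight = entry.partition(":")
        if not site:
            raise ValueError(f"empty DNSBL name in {entry!r}")
        try:
            weights[site.lower()] = int(weight) if sep else default_weight
        except ValueError:
            raise ValueError(f"bad weight in {entry!r}") from None
    return weights


def query_name(client_ip, zone):
    """DNSBL query name: the IPv4 octets reversed, followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def score_client(client_ip, weights, is_listed):
    """Sum the weights of every configured list that reports the client."""
    return sum(w for zone, w in weights.items()
               if is_listed(query_name(client_ip, zone)))


def should_drop(client_ip, weights, threshold, is_listed):
    """Assumption: drop once the combined score reaches the threshold."""
    return score_client(client_ip, weights, is_listed) >= threshold


# Values from the proposal; the set of listed names is constructed sample data.
SITES = """bl-a.example.com:2
   bl-b.example.com:1
   bl-c.example.com:2"""
THRESHOLD = 3
LISTED = {"94.30.123.210.bl-a.example.com", "94.30.123.210.bl-b.example.com"}

if __name__ == "__main__":
    weights = parse_dnsbl_sites(SITES)
    client = "210.123.30.94"  # address from the log line quoted above
    score = score_client(client, weights, LISTED.__contains__)
    action = "drop" if score >= THRESHOLD else "pass"
    print(f"DNSBL score {score} for {client}: {action}")
```

In a real deployment is_listed would perform the DNS A-record query; here it is a set lookup so the sketch runs offline.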
