On 03/15/2010 11:48 PM, Stan Hoeppner wrote:
> Erik Logtenberg put forth on 3/15/2010 11:16 AM:
>> Hi,
>>
>> Is there a possibility to use a DNS-based RBL whitelist in Postfix? In
>> The Netherlands we have an NL-Whitelist, which contains the IP's of all
>> major ISP's. By using this whitelist one can make sure that accidental
>> automatic blacklisting won't disrupt regular email traffic.
>>
>> I had something like a permit_rbl_client directive in mind, that could
>> be placed in smtpd_recipient_restrictions, right before the
>> reject_rbl_client lines. Apparently there is no permit_rbl_client at
>> this moment, is there any other way to achieve this?
>
> DNS white lists are usually very, very small, relatively, compared to DNS
> black lists. This is why most DNS based white list providers enable zone
> transfers, in turn enabling customers to download the entire white list,
> which is then queried locally. Once it's local the tempfail issue is non
> existent. This is why nearly all DNS white list implementations are handled
> this way. It increases reliability fundamentally. DNS whitelists need to
> be fundamentally more reliable than DNS blacklists.
>
> How many records are in the DNSWL you mention? 200? 2000? There are a few
> million records in the Spamhaus and SORBS lists. If they tempfail, mail
> still comes through, although other A/S measures get a whack at it. If a
> DNSWL tempfails, you have more than a desired level of complexity to deal
> with this situation properly. Thus, it is optimal to deal with a local copy
> of the whitelist.
>
> What is preventing you from grabbing a copy of this .nl whitelist and
> querying against it locally either as a map file or via an RBLDNSD setup?

This whitelist is 1409 records long, so indeed, as you say, very small. I suppose I could download it and host it locally. Apparently AXFR is not allowed, but plain text HTTP download is, so that's good enough. Then I would only need an efficient and robust way for Postfix to use it.
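
One way to use the downloaded list as a local map file, as an added example that is not part of the original thread: the script below turns the list into a Postfix `cidr:` table and, because the download arrives over plain HTTP, validates every entry before it can whitelist anything. The list format (one IPv4 address or CIDR per line), the policy thresholds and the sample data are assumptions.

```python
import ipaddress

MIN_PREFIX = 16     # assumed policy: refuse any entry broader than a /16
MIN_RECORDS = 100   # assumed policy: a far shorter download is treated as broken
REFUSED = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def build_cidr_table(text, min_records=MIN_RECORDS):
    """Return (table_lines, rejected) for a list with one IPv4 address or
    CIDR per line; '#' starts a comment (the list format is an assumption)."""
    nets, rejected = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=True refuses entries with host bits set, e.g. 203.0.113.5/24
            net = ipaddress.IPv4Network(entry, strict=True)
        except ValueError:
            rejected.append((lineno, entry, "not a valid IPv4 address or CIDR"))
            continue
        if net.prefixlen < MIN_PREFIX:
            rejected.append((lineno, entry, "prefix too broad"))
        elif any(net.overlaps(r) for r in REFUSED):
            rejected.append((lineno, entry, "private or loopback range"))
        else:
            nets.add(net)  # the set also removes duplicate entries
    if len(nets) < min_records:
        # Raise so the caller keeps the previous table rather than
        # installing a truncated or tampered download.
        raise ValueError(f"only {len(nets)} usable entries, expected >= {min_records}")
    return [f"{n.with_prefixlen}\tOK" for n in sorted(nets)], rejected

# Constructed sample input (documentation address ranges), not the real list.
SAMPLE = """# constructed sample
192.0.2.10
198.51.100.0/24
203.0.113.5/24
0.0.0.0/0
10.1.2.3
not-an-ip
192.0.2.10   # duplicate
"""

if __name__ == "__main__":
    table, bad = build_cidr_table(SAMPLE, min_records=2)
    print("\n".join(table))
    for lineno, entry, why in bad:
        print(f"# skipped line {lineno}: {entry!r} ({why})")
```

The resulting file would be referenced as `check_client_access cidr:/path/to/table` (path hypothetical) in `smtpd_recipient_restrictions`, placed after `reject_unauth_destination` and before the `reject_rbl_client` lines, so that an `OK` result skips the blacklist lookups without permitting relay. `cidr:` tables are read directly and need no `postmap` run.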