On Sun, Feb 26, 2012 at 04:08:04PM -0600, Stan Hoeppner wrote:
> Since I started using Postfix in 2005, I've come across situations
> where it would have been nice to enable logging of certain permit
> actions, sometimes just temporarily, other times more permanently;
> the former to aid troubleshooting, the latter for historical data
> analysis.
>
> In today's case, I'd like to be able to see which/how many clients
> are being permitted due to permit_dnswl_client so I can evaluate
> the performance/effectiveness of list.dnswl.org.

IMO, not that much at this time, but I can guess that going into
IPv6, that might change, because a default deny policy might be
necessary.

I did some postscreen log analysis a bit over a year ago, and only
occasionally did I see DNSWL-listed hosts hit other lists or
restrictions. The few that were in more aggressive DNSBLs didn't
reach my postscreen_dnsbl_threshold anyway.

> What if we gave all permit_*_* parameters an optional logging mode?
> What would be the scope of such an effort? Could we do something
> like
>
> log_permit_dnswl_client
>
> similar to we can use a service name here

A "warn_if_permit" similar to "warn_if_reject" might make more sense
and be more generic. I agree with your reasoning that the feature
would be useful.

"warn_if_reject" negates the following restriction, and likewise
should "warn_if_permit". To actually use it as Stan describes, it
would be:

smtpd_mumble_restrictions = [ ... ]
    warn_if_permit permit_dnswl_client list.dnswl.org
    permit_dnswl_client list.dnswl.org
    [ ... ]

--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: