Noel Jones <njo...@megan.vbhcs.org> schrieb: > On 6/7/2014 10:53 AM, li...@rhsoft.net wrote: >> >> >> Am 07.06.2014 17:25, schrieb Noel Jones: >>> I wonder why you're just trying to stop SASL from those client... >>> Why not just use reject_rbl_client (and maybe other restrictions) >>> before permit_sasl_authenticated to reject all mail from them? If >>> you're unwilling to accept SASL credentials, why would you accept >>> anything? >> >> i think the point for different RBL lists for incoming mail >> and SASL is pretty clear that you have a problem if you are >> using dialup-lists for your un-authenticated incoming mail >> flow you can't use the same for submission or better said: > > There are two general types of RBL -- bad neighborhoods and bad > behavior. One would generally not block SASL to a bad neighborhood, > but maybe useful to block SASL to a host with bad behavior. > > The original question was about using an RBL to block SASL based on > bad behavior. > > Obviously the OP has such an RBL in mind already. Why would you > want any mail from a known bad host?
Actually I don't care if I disable relaying (which can only be done using SASL anyway) for subnets or bad bahaving AS. But I still want legitimate mail come in for my customers - even if it originates from such networks. But I want to (automatically) block the suspicious networks and not first block all then whitelist the known-good. -- Replies to list only preferred.