On Sat, Nov 06, 2010 at 10:04:57AM -0400, Wietse Venema wrote:
Due to the DNS lookup latency inherent in incoming DKIM checks, doing
DKIM in post-queue content-filters is somewhat unattractive, as typically
one wants low-latency, modest concurrency in a post-queue filter.
Another way to
I'm working on Spamhaus' new whitelist where our goal is to list only
mail sources clean enough that you can skip the rest of the filtering.
(So far so good, but it's still pretty small.)
You're welcome to use it. The IP address version is at swl.spamhaus.org.
For people who like DKIM,
Wietse Venema:
This is now implemented with minor changes. [...]
I have uploaded postfix-2.8-20101105-nonprod for testing (nonprod
because this is SMTP server code, and I mostly rely on postscreen's
DNS whitelisting feature).
Same code, now available as postfix-2.8-20101108 regular
Noel Jones put forth on 11/5/2010 11:04 AM:
On 11/5/2010 10:03 AM, Wietse Venema wrote:
This is now implemented with minor changes.
Excellent! Looking forward to a test drive.
Excellent indeed. Thank you for implementing this Wietse.
Jerrale, it appears Wietse just solved your problem WRT
Victor Duchovni:
There will at some point be interest in DNSWL support for verified DKIM
d= domains. For now that's out of scope (milters, pre-queue filters, ...)
I've recently starting using the OpenDKIM library, ... it is fairly easy
to support. If there is ever interest in directly
Noel Jones wrote in late August 2010:
B) a permit based system, a mirror of reject_rbl_client.
This would have a user interface similar to the existing
reject_rbl_client with expected usage similar to access(5)
based whitelists.
Seems to me that checks using sender-supplied info such as
On Fri, Nov 05, 2010 at 11:03:34AM -0400, Wietse Venema wrote:
The current manpage text reads:
reject_rbl_client rbl_domain=d.d.d.d
...
permit_dnswl_client dnswl_domain=d.d.d.d
Accept the request when the reversed client network address is
On 11/5/2010 10:03 AM, Wietse Venema wrote:
This is now implemented with minor changes.
Excellent! Looking forward to a test drive.
-- Noel Jones
Victor Duchovni:
On Fri, Nov 05, 2010 at 11:03:34AM -0400, Wietse Venema wrote:
The current manpage text reads:
reject_rbl_client rbl_domain=d.d.d.d
...
permit_dnswl_client dnswl_domain=d.d.d.d
Accept the request when the reversed client network
Should we mention that these should only be used to reduce FPs from
blacklists that follow, and that are expected to not list legitimate
clients. ...
Depends on the whitelist.
I'm working on Spamhaus' new whitelist where our goal is to list only
mail sources clean enough that you can skip the
On Fri, Nov 05, 2010 at 12:27:06PM -0400, Wietse Venema wrote:
Should we mention that these should only be used to reduce FPs from
blacklists that follow, and that are expected to not list legitimate
clients. Thus any temporary DNS lookup error would likely result an an
additional lookup
On Fri, Nov 05, 2010 at 04:51:14PM -, John Levine wrote:
Should we mention that these should only be used to reduce FPs from
blacklists that follow, and that are expected to not list legitimate
clients. ...
Depends on the whitelist.
I'm working on Spamhaus' new whitelist where our
This is now implemented with minor changes. [...]
I have uploaded postfix-2.8-20101105-nonprod for testing (nonprod
because this is SMTP server code, and I mostly rely on postscreen's
DNS whitelisting feature).
ftp://ftp.porcupine.org/mirrors/postfix-release/index.html and
mirror sites.
Once
On 11/5/2010 6:24 PM, Wietse Venema wrote:
This is now implemented with minor changes. [...]
I have uploaded postfix-2.8-20101105-nonprod for testing (nonprod
because this is SMTP server code, and I mostly rely on postscreen's
DNS whitelisting feature).
ftp://ftp.porcupine.org/mirrors/postfix
Hi,
today I added full IPv6 support and the amavisd-new bindings. Now it's possible
to have dnswl.py used as policy-service in postfix and if it find a MTA on a
whitelist, it automatically gets soft-whitelisted in amavis (using SQL).
I will put the new version on my side later on.
Have fun
Hi,
I have seen that several services on the internet started with DNS whitelists.
So I was looking for a way on how to integrate it into Postfix. Blacklisting
seems to be easy, but whitelisting not. So I was looking how to write a policy
service. I have coded a python daemon called dnswl.py
Hi,
Actually using a WL to let email through does not appear to have any
advanatage except for the WL vendor.
Ah and yes, of course that is open source.
Thanks for providing this!
well, at the one side you a right that currently the WL vendor may earn money.
But I fear the moment,
* Wietse Venema wie...@porcupine.org:
Noel Jones:
As I see it, there are two complementary paths we can take
with DNS whitelists, each with a slightly different purpose.
While these are both useful, neither depends on the other, so
postfix can implement either or both.
I'll read the
On Wed, Aug 25, 2010 at 11:27 PM, Wietse Venema wie...@porcupine.org wrote:
dnswl1.example.com=127.0.0.2*weight1, dnswl2.example.com=127.0.0.1*weight2
dnsbl3.example.com=127.0.0.3*weight3, dnsbl4.example.com=127.0.0.1*weight4
What about wildcarding? dnswl.org currently returns 127.0.n.[0-3],
Matthias Leisi:
On Wed, Aug 25, 2010 at 11:27 PM, Wietse Venema wie...@porcupine.org wrote:
?dnswl1.example.com=127.0.0.2*weight1, dnswl2.example.com=127.0.0.1*weight2
?dnsbl3.example.com=127.0.0.3*weight3, dnsbl4.example.com=127.0.0.1*weight4
What about wildcarding? dnswl.org currently
Wietse Venema put forth on 8/25/2010 4:27 PM:
Noel Jones:
As I see it, there are two complementary paths we can take
with DNS whitelists, each with a slightly different purpose.
While these are both useful, neither depends on the other, so
postfix can implement either or both.
I'll read
On 8/26/2010 4:14 PM, Wietse Venema wrote:
The more precise solution is to implement wildcards with ranges:
example.com=127.0.[0-128].3*1
example.com=127.0.[0-5,6-9].3*1
Noel Jones:
I like the range idea. You want proto docs reflecting that
syntax?
Yes, that would help everyone to
Updated Proposal for weighted dnsXl support in postscreen.
(Change parameter names to all start with postscreen_dns* for
easy reading in postconf. Get rid of negative site weight
values [the client dnsxl score total may still be negative].
Add filter octet range docs.)
(The weight ranges
Noel Jones put forth on 8/24/2010 2:18 PM:
- This is specific for dnswl.org. Postfix needs a general mechanism.
Other whitelists are not required to follow dnswl.org's 127.0.x.y
mechanism.
Yeah, I used this example as dnswl is, afaik, the most established of
the dns whitelists. I haven't
and humility Wietse, I don't think postscreen is
the right place to implement dnswl whitelisting. Or, I should say, it's
not a complete dns whitelisting solution, but only a small first step.
If I understand correctly, all this will do is shoot such a whitelisted
client past all the postscreen checks
On 24 Aug 2010, at 21:37, Wietse Venema wrote:
Stan Hoeppner:
Wietse Venema put forth on 8/23/2010 10:11 AM:
Noel Jones:
(Might be time to revisit DNS whitelists in
postfix.)
Maybe someone can draft a strawman user interface:
- what is the configuration syntax
- what does that
Steve Linford put forth on 8/25/2010 8:27 AM:
Just to add to the mix if Postfix is working on whitelist implementation...
Spamhaus has assigned 127.0.2.0/24 for whitelist return codes. The new
Spamhaus Whitelist (SWL) due out very shortly will return 127.0.2.2 and
127.0.2.3 and Spamhaus'
As I see it, there are two complementary paths we can take
with DNS whitelists, each with a slightly different purpose.
While these are both useful, neither depends on the other, so
postfix can implement either or both.
My proposals:
A) scoring in postscreen
A dns whitelist/blacklist scoring
Noel Jones:
As I see it, there are two complementary paths we can take
with DNS whitelists, each with a slightly different purpose.
While these are both useful, neither depends on the other, so
postfix can implement either or both.
I'll read the entire proposal later.
Would this notation
On 8/25/2010 6:17 PM, Wietse Venema wrote:
Noel Jones:
On 8/25/2010 4:27 PM, Wietse Venema wrote:
Noel Jones:
As I see it, there are two complementary paths we can take
with DNS whitelists, each with a slightly different purpose.
While these are both useful, neither depends on the other, so
Stan Hoeppner:
Wietse Venema put forth on 8/23/2010 10:11 AM:
Noel Jones:
(Might be time to revisit DNS whitelists in
postfix.)
Maybe someone can draft a strawman user interface:
- what is the configuration syntax
- what does that syntax mean
- how to make it safe (
Noel Jones:
[ Charset UTF-8 unsupported, converting... ]
On 8/23/2010 8:48 AM, Ralf Hildebrandt wrote:
* p...@alt-ctrl-del.orgp...@alt-ctrl-del.org:
I find that a lot of spam comes from recently registered, throw away
domains. The new domain may be used as the sender, hostname, or name
32 matches
Mail list logo