From: Erik Logtenberg on
Hi,

Is there a possibility to use a DNS-based RBL whitelist in Postfix? In
The Netherlands we have an NL-Whitelist, which contains the IP's of all
major ISP's. By using this whitelist one can make sure that accidental
automatic blacklisting won't disrupt regular email traffic.

I had something like a permit_rbl_client directive in mind, that could
be placed in smtpd_recipient_restrictions, right before the
reject_rbl_client lines. Apparently there is no permit_rbl_client at
this moment, is there any other way to achieve this?

Kind regards,

Erik.

From: Noel Jones on
On 3/15/2010 11:16 AM, Erik Logtenberg wrote:
> Hi,
>
> Is there a possibility to use a DNS-based RBL whitelist in Postfix? In
> The Netherlands we have an NL-Whitelist, which contains the IP's of all
> major ISP's. By using this whitelist one can make sure that accidental
> automatic blacklisting won't disrupt regular email traffic.
>
> I had something like a permit_rbl_client directive in mind, that could
> be placed in smtpd_recipient_restrictions, right before the
> reject_rbl_client lines. Apparently there is no permit_rbl_client at
> this moment, is there any other way to achieve this?
>
> Kind regards,
>
> Erik.

Postfix has no built-in support for DNS whitelists.
You can add support by using a policy service.
http://www.postfix.org/SMTPD_POLICY_README.html

-- Noel Jones

From: "corpus.defero" on
On Mon, 2010-03-15 at 11:23 -0500, Noel Jones wrote:
> On 3/15/2010 11:16 AM, Erik Logtenberg wrote:
> > Hi,
> >
> > Is there a possibility to use a DNS-based RBL whitelist in Postfix? In
> > The Netherlands we have an NL-Whitelist, which contains the IP's of all
> > major ISP's. By using this whitelist one can make sure that accidental
> > automatic blacklisting won't disrupt regular email traffic.
> >
> > I had something like a permit_rbl_client directive in mind, that could
> > be placed in smtpd_recipient_restrictions, right before the
> > reject_rbl_client lines. Apparently there is no permit_rbl_client at
> > this moment, is there any other way to achieve this?
> >
> > Kind regards,
> >
> > Erik.
>
> Postfix has no built-in support for DNS whitelists.
> You can add support by using a policy service.
> http://www.postfix.org/SMTPD_POLICY_README.html
>
> -- Noel Jones
>
You can usefully shorten that statement to:
>Postfix has no built-in support
And instead link to: http://www.exim.org/

From: Erik Logtenberg on
>> Is there a possibility to use a DNS-based RBL whitelist in Postfix? In
>> The Netherlands we have an NL-Whitelist, which contains the IP's of all
>> major ISP's. By using this whitelist one can make sure that accidental
>> automatic blacklisting won't disrupt regular email traffic.
>>
>> I had something like a permit_rbl_client directive in mind, that could
>> be placed in smtpd_recipient_restrictions, right before the
>> reject_rbl_client lines. Apparently there is no permit_rbl_client at
>> this moment, is there any other way to achieve this?
>>
>> Kind regards,
>>
>> Erik.
>
> Postfix has no built-in support for DNS whitelists.
> You can add support by using a policy service.
> http://www.postfix.org/SMTPD_POLICY_README.html
>
> -- Noel Jones

Thanks for your reply. I see that I could construct a policy service to
do this, but it seems simpler and much more efficient to let postfix do
this natively. It already has all the DNS-resolving code and whatnot, I
would guess it shouldn't take much more than an extra negation somewhere
to make it permit instead of deny.

Wietse, is there a reason why you would not want a permit_rbl_client
feature in postfix? If not, then I would like to hereby suggest this
feature request.
If you would approve the feature request but don't have the time and/or
other incentive to implement it, I'd gladly try to submit a patch.

From: Wietse Venema on
Erik Logtenberg:
> >> Is there a possibility to use a DNS-based RBL whitelist in Postfix? In
> >> The Netherlands we have an NL-Whitelist, which contains the IP's of all
> >> major ISP's. By using this whitelist one can make sure that accidental
> >> automatic blacklisting won't disrupt regular email traffic.
> >>
> >> I had something like a permit_rbl_client directive in mind, that could
> >> be placed in smtpd_recipient_restrictions, right before the
> >> reject_rbl_client lines. Apparently there is no permit_rbl_client at
> >> this moment, is there any other way to achieve this?
> >>
> >> Kind regards,
> >>
> >> Erik.
> >
> > Postfix has no built-in support for DNS whitelists.
> > You can add support by using a policy service.
> > http://www.postfix.org/SMTPD_POLICY_README.html
> >
> > -- Noel Jones
>
> Thanks for your reply. I see that I could construct a policy service to
> do this, but it seems simpler and much more efficient to let postfix do
> this natively. It already has all the DNS-resolving code and whatnot, I
> would guess it shouldn't take much more than an extra negation somewhere
> to make it permit instead of deny.
>
> Wietse, is there a reason why you would not want a permit_rbl_client
> feature in postfix? If not, then I would like to hereby suggest this
> feature request.
> If you would approve the feature request but don't have the time and/or
> other incentive to implement it, I'd gladly try to submit a patch.

I understand what needs to happen when the DNS server replies that
the client is or is not listed, though I don't know if there is
any convention for positive whitelist replies.

What is supposed to happen in the absence of a valid DNS reply?
Is there a difference between SERVFAIL, timeout, and so on?
I don't want to be swamped with bug reports that "postfix
has buggy access control".

The same issue comes up occasionally with name-based lookups
in Postfix access(5) maps. The usual recommendation is that
such configurations are fragile.

Wietse
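
The policy-service route suggested earlier in the thread, sketched as an added example (not code from any poster or from Postfix) that makes the failure cases raised in the last message explicit. Assumptions: the zone name is a placeholder, any answer in 127.0.0.0/8 counts as "listed", the `lookup` callable and the constructed `fake_lookup` stand in for a real DNS library, and answering a temporary DNS failure with `DEFER_IF_REJECT` is one possible policy choice.

```python
import ipaddress

ZONE = "whitelist.example.invalid"  # placeholder; the thread does not give the zone

class NotListed(Exception): """NXDOMAIN: authoritative 'not on the list'."""
class TempFail(Exception): """SERVFAIL, timeout, or any other non-answer."""

def query_name(client_ip, zone=ZONE):
    # DNS list query name: reversed octets (IPv4) or nibbles (IPv6) + zone.
    rev = ipaddress.ip_address(client_ip).reverse_pointer
    return rev.rsplit(".", 2)[0] + "." + zone

def parse_request(text):
    # Policy request: name=value lines, terminated by an empty line.
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def decide(attrs, lookup):
    """Return an access(5) action for one policy request."""
    try:
        name = query_name(attrs.get("client_address", ""))
    except ValueError:
        return "DUNNO"              # no usable address: no opinion
    try:
        answers = lookup(name)
    except NotListed:
        return "DUNNO"              # fall through to the reject_rbl_client lines
    except TempFail:
        # Whitelist state unknown: do not permit, but turn a later REJECT into a 4xx.
        return "DEFER_IF_REJECT whitelist lookup failed, try again later"
    loopback = ipaddress.ip_network("127.0.0.0/8")
    listed = any(ipaddress.ip_address(a) in loopback for a in answers)
    return "OK" if listed else "DUNNO"

def respond(request_text, lookup):
    return "action=" + decide(parse_request(request_text), lookup) + "\n\n"

# Constructed resolver data for the example (documentation address ranges).
FAKE_DNS = {"10.113.0.203." + ZONE: ["127.0.0.2"]}

def fake_lookup(name):
    if name in FAKE_DNS:
        return FAKE_DNS[name]
    if name.startswith("99."):      # constructed: simulate SERVFAIL/timeout
        raise TempFail(name)
    raise NotListed(name)
```

Because `OK` permits the request outright, the `check_policy_service` entry belongs after `reject_unauth_destination` in `smtpd_recipient_restrictions` and before the `reject_rbl_client` lines; placed earlier, a whitelisted client could relay through the server.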