On 5/26/24 5:40 PM, gil...@poolp.org wrote:
May 26, 2024 9:46 PM, "Ian Darwin" <i...@darwinsys.com> wrote:
I'd like to use the fcrdns filter but one of my users has a non-negotiable need
to get mail from a
site with inept administration. Is there a way to let this one site bypass this
one filter?
I have two fairly standard 'listen' clauses and the corresponding matches. I
had fcrdns on the
first one for a day or two until the flames started.
listen on egress inet4 port 25 \
tls pki darwinsys.com \
filter { check_dyndns, check_rdns, rspamd } \
tag INCOMING
listen on egress port submission \
filter { check_dyndns, check_rdns, rspamd } \
tls-require pki darwinsys.com \
auth tag AUTH
TIA if anyone can help.
You need to share more than the listen lines.
You have omitted the check_rdns filter definition which is where we could plug
a bypass...
Ah, my bad. Here are all the filter def'ns, right out of somebody's blog :-)
filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*',
'.*\.dsl\..*' } \
disconnect "550 no residential connections"
filter check_rdns phase connect match !rdns \
disconnect "550 no rDNS is so 80s"
filter check_fcrdns phase connect match !fcrdns \
disconnect "550 no FCrDNS is so 80s"
filter "rspamd" proc-exec "filter-rspamd"
Thanks