Greetings, It was a while in this thread, but I don't forget.
I put all my ideas to filter-dnsbl as a fork which is available on GitHub: https://github.com/catap/opensmtpd-filter-dnsbl Here the quote from updated man page which summirizes changes: filter-dnsbl looks up the IP address of the sender in the blacklist (a domain name) and, by default drops the connection if it is found. If the -m flag is specified, it will allow the message to continue, but such a message will be marked with X-Spam header with value Yes, and X-Spam-DNSBL header containing a list, and any existing headers starting with X-Spam will be stripped. If the -w flag is specified before blacklist, this list is treated as white list and X-Spam header isn't added, but X-Spam-DNSWL header is added instead X-Spam-DNSBL. Additionally, if the -d flag is specified before blacklist, it will use reverse DNS hostname instead of IP address for loopkup. For more verbose logging, the -v flag can be used. When DNS error happened it drops the connection, or adds X-Spam header with value Unknown and X-Spam-DNS with a list with cause an error if the -m flag is specified. I've attached to this email port file for OpenBSD to to use it. Additionally, you may grab build version for 7.5 from https://mx0.catap.net/pub/ where I also keep filter-sign and filter-auth. Any feedback and testing welcome. Martijn, do you think this changes can be backported back? -- wbr, Kirill
filter.tgz
Description: Binary data