DNS whitelilst for postscreen_access_list
Hi, I would like to use dnswl.org as an access list for postscreen_access_list. Unfortunately, permit_dnswl_client can be only used for the smtpd_client_restrictions. Is there any other way to use dns based whitelist for postscreen_access_list? Ihsan -- ih...@dogan.chhttp://blog.dogan.ch/
Re: DNS whitelilst for postscreen_access_list
??hsan??Do??an: Hi, I would like to use dnswl.org as an access list for postscreen_access_list. Unfortunately, permit_dnswl_client can be only used for the smtpd_client_restrictions. Is there any other way to use dns based whitelist for postscreen_access_list? Use postscreen_access_list for static black/white lists. Use postscreen_dnsbl_sites for dynamic black/white lists. Wietse
Re: DNS whitelilst for postscreen_access_list
Hi, Am 10.07.2011 20:31, schrieb Wietse Venema: I would like to use dnswl.org as an access list for postscreen_access_list. Unfortunately, permit_dnswl_client can be only used for the smtpd_client_restrictions. Is there any other way to use dns based whitelist for postscreen_access_list? Use postscreen_access_list for static black/white lists. Use postscreen_dnsbl_sites for dynamic black/white lists. On the first connect, Postscreen returns a 450 and adds the client to the Postscreen cache. If the sending MTA is white listed, I'd like to avoid this delay. Ihsan -- ih...@dogan.chhttp://blog.dogan.ch/
Re: DNS whitelilst for postscreen_access_list
On 2011-07-10 21:47, İhsan Doğan wrote: Hi, Am 10.07.2011 20:31, schrieb Wietse Venema: I would like to use dnswl.org as an access list for postscreen_access_list. Unfortunately, permit_dnswl_client can be only used for the smtpd_client_restrictions. Is there any other way to use dns based whitelist for postscreen_access_list? Use postscreen_access_list for static black/white lists. Use postscreen_dnsbl_sites for dynamic black/white lists. On the first connect, Postscreen returns a 450 and adds the client to the Postscreen cache. If the sending MTA is white listed, I'd like to avoid this delay. As documented, if the sender is whitelisted, this does not happen. As per http://www.postfix.org/postscreen.8.html, either you manually whitelist a client, in which case all postscreen tests are skipped, or you let it be whitelisted when it passes the tests. It's one or the other, you can't have both. IF these tests include the deep protocol tests, the first message will be deferred. http://www.postfix.org/POSTSCREEN_README.html#after_220 Ihsan -- J.
Re: DNS whitelilst for postscreen_access_list
??hsan??Do??an: [ Charset UTF-8 unsupported, converting... ] Hi, Am 10.07.2011 20:31, schrieb Wietse Venema: I would like to use dnswl.org as an access list for postscreen_access_list. Unfortunately, permit_dnswl_client can be only used for the smtpd_client_restrictions. Is there any other way to use dns based whitelist for postscreen_access_list? Use postscreen_access_list for static black/white lists. Use postscreen_dnsbl_sites for dynamic black/white lists. On the first connect, Postscreen returns a 450 and adds the client to the Postscreen cache. If the sending MTA is white listed, I'd like to avoid this delay. Then, don't use the after 220 greeting tests. They stop less than one percent of the spambots. If I had known that in advance I would probably not have added those tests. It would be a mistake to include DNS lookups with postscreen_access_list, because those lookups happen before postscreen examines the dynamic whitelist. That would slow down all the clients that are already on the dynamic whitelist. Wietse Ihsan -- ih...@dogan.chhttp://blog.dogan.ch/