Wietse Venema:
> > This is now implemented with minor changes. [...]
>
> I have uploaded postfix-2.8-20101105-nonprod for testing (nonprod
> because this is SMTP server code, and I mostly rely on postscreen's
> DNS whitelisting feature).
Same code, now available as postf
>
> I'm working on Spamhaus' new whitelist where our goal is to list only
> mail sources clean enough that you can skip the rest of the filtering.
> (So far so good, but it's still pretty small.)
>
> You're welcome to use it. The IP address version is at swl.spamhaus.org.
>
> For people who lik
On Sat, Nov 06, 2010 at 10:04:57AM -0400, Wietse Venema wrote:
> > Due to the DNS lookup latency inherent in incoming DKIM checks, doing
> > DKIM in post-queue content-filters is somewhat unattractive, as typically
> > one wants low-latency, modest concurrency in a post-queue filter.
>
> Another
Victor Duchovni:
> There will at some point be interest in DNSWL support for verified DKIM
> "d=" domains. For now that's out of scope (milters, pre-queue filters, ...)
> I've recently started using the OpenDKIM library, ... it is fairly easy
> to support. If there is ever interest in directly sup
Noel Jones put forth on 11/5/2010 11:04 AM:
> On 11/5/2010 10:03 AM, Wietse Venema wrote:
>> This is now implemented with minor changes.
>
> Excellent! Looking forward to a test drive.
Excellent indeed. Thank you for implementing this Wietse.
Jerrale, it appears Wietse just solved your problem
On 11/5/2010 6:24 PM, Wietse Venema wrote:
This is now implemented with minor changes. [...]
I have uploaded postfix-2.8-20101105-nonprod for testing (nonprod
because this is SMTP server code, and I mostly rely on postscreen's
DNS whitelisting feature).
ftp://ftp.porcupine.org/mirrors/po
> This is now implemented with minor changes. [...]
I have uploaded postfix-2.8-20101105-nonprod for testing (nonprod
because this is SMTP server code, and I mostly rely on postscreen's
DNS whitelisting feature).
ftp://ftp.porcupine.org/mirrors/postfix-release/index.html and
mirror site
On Fri, Nov 05, 2010 at 04:51:14PM -, John Levine wrote:
> >Should we mention that these should only be used to reduce FPs from
> >blacklists that follow, and that are expected to not list legitimate
> >clients. ...
>
> Depends on the whitelist.
>
> I'm working on Spamhaus' new whitelist whe
On Fri, Nov 05, 2010 at 12:27:06PM -0400, Wietse Venema wrote:
> > Should we mention that these should only be used to reduce FPs from
> > blacklists that follow, and that are expected to not list legitimate
> > clients. Thus any temporary DNS lookup error would likely result in an
> > additional
>Should we mention that these should only be used to reduce FPs from
>blacklists that follow, and that are expected to not list legitimate
>clients. ...
Depends on the whitelist.
I'm working on Spamhaus' new whitelist where our goal is to list only
mail sources clean enough that you can skip the
Victor Duchovni:
> On Fri, Nov 05, 2010 at 11:03:34AM -0400, Wietse Venema wrote:
>
> > The current manpage text reads:
> >
> >reject_rbl_client rbl_domain=d.d.d.d
> > ...
> >permit_dnswl_client dnswl_domain=d.d.d.d
> > Accept the request when the reversed client
On 11/5/2010 10:03 AM, Wietse Venema wrote:
This is now implemented with minor changes.
Excellent! Looking forward to a test drive.
-- Noel Jones
On Fri, Nov 05, 2010 at 11:03:34AM -0400, Wietse Venema wrote:
> The current manpage text reads:
>
>reject_rbl_client rbl_domain=d.d.d.d
> ...
>permit_dnswl_client dnswl_domain=d.d.d.d
> Accept the request when the reversed client network address is
>
Noel Jones wrote in late August 2010:
> B) a "permit" based system, a mirror of reject_rbl_client.
>
> This would have a user interface similar to the existing
> reject_rbl_client with expected usage similar to access(5)
> based whitelists.
>
> Seems to me that checks using sender-supplied info
Hi,
today I added full IPv6 support and the amavisd-new bindings. Now it's possible
to have dnswl.py used as policy-service in postfix and if it finds an MTA on a
whitelist, it automatically gets soft-whitelisted in amavis (using SQL).
I will put the new version on my side later on.
Have fun
Chr
Hi,
> Actually using a WL to let email through does not appear to have any
> advantage except for the WL vendor.
>
>> Ah and yes, of course that is open source.
>
> Thanks for providing this!
well, on the one side you are right that currently the WL vendor may earn money.
But I fear the moment
Hi,
I have seen that several services on the internet started with DNS whitelists.
So I was looking for a way on how to integrate it into Postfix. Blacklisting
seems to be easy, but whitelisting not. So I was looking how to write a policy
service. I have coded a python daemon called dnswl.py th
this suitably safe, despite the simple interface.
Although most discussion has been about postscreen, I'm still
very interested in dns whitelisting in smtpd.
Once we (collectively) get the postscreen dnsxl scoring user
interface sorted out, it should be possible to adapt the
framework for
Updated Proposal for weighted dnsXl support in postscreen.
(Change parameter names to all start with postscreen_dns* for
easy reading in postconf. Get rid of negative site weight
values [the client dnsxl score total may still be negative].
Add filter octet range docs.)
(The weight ranges d
On 8/26/2010 4:14 PM, Wietse Venema wrote:
> The more precise solution is to implement wildcards with ranges:
>
> example.com=127.0.[0-128].3*1
> example.com=127.0.[0-5,6-9].3*1
Noel Jones:
> I like the range idea. You want proto docs reflecting that
> syntax?
Yes, that would help everyone to u
On 8/26/2010 4:14 PM, Wietse Venema wrote:
On 8/26/2010 2:28 PM, Wietse Venema wrote:
You can't use an alphanumerical operator such as "w", because the
"=127.0.*.3" portion is optional.
...
The more precise solution is to implement wildcards with ranges:
example.com=127.0.[0-128].3*1
example.
Noel Jones:
> This looks like a useful concept. If we use "*" as an octet
> wildcard, we'll need to use something else as the weight modifier.
> dnsbl_site=127.0.*.3w1 seems reasonable.
On 8/26/2010 2:28 PM, Wietse Venema wrote:
> You can't use an alphanumerical operator such as "w", because the
On 8/26/2010 2:28 PM, Wietse Venema wrote:
Noel Jones:
This looks like a useful concept. If we use "*" as an octet
wildcard, we'll need to use something else as the weight
modifier. dnsbl_site=127.0.*.3w1 seems reasonable.
You can't use an alphanumerical operator such as "w", because the
"=1
Noel Jones:
> This looks like a useful concept. If we use "*" as an octet
> wildcard, we'll need to use something else as the weight
> modifier. dnsbl_site=127.0.*.3w1 seems reasonable.
You can't use an alphanumerical operator such as "w", because the
"=127.0.*.3" portion is optional.
On 8/25/2010 4:54 PM, Noel Jones wrote:
On 8/25/2010 4:27 PM, Wietse Venema wrote:
Noel Jones:
Do we want to allow mixing DNSWLs and DNSBLs in one list?
I see them as being the same thing; just different weights.
Default to blacklist weight of 1; the user must specify a
negative weight for a w
Stan Hoeppner:
> Wietse Venema put forth on 8/25/2010 4:27 PM:
> > Noel Jones:
> >> As I see it, there are two complementary paths we can take
> >> with DNS whitelists, each with a slightly different purpose.
> >> While these are both useful, neither depends on the other, so
> >> postfix can impl
Wietse Venema put forth on 8/25/2010 4:27 PM:
> Noel Jones:
>> As I see it, there are two complementary paths we can take
>> with DNS whitelists, each with a slightly different purpose.
>> While these are both useful, neither depends on the other, so
>> postfix can implement either or both.
>
>
Matthias Leisi:
> On Wed, Aug 25, 2010 at 11:27 PM, Wietse Venema wrote:
>
> > dnswl1.example.com=127.0.0.2*weight1, dnswl2.example.com=127.0.0.1*weight2
> > dnsbl3.example.com=127.0.0.3*weight3, dnsbl4.example.com=127.0.0.1*weight4
>
> What about wildcarding? dnswl.org currently returns 127.0
On Wed, Aug 25, 2010 at 11:27 PM, Wietse Venema wrote:
> dnswl1.example.com=127.0.0.2*weight1, dnswl2.example.com=127.0.0.1*weight2
> dnsbl3.example.com=127.0.0.3*weight3, dnsbl4.example.com=127.0.0.1*weight4
What about wildcarding? dnswl.org currently returns 127.0.n.[0-3],
with "n" being num
* Wietse Venema :
> Noel Jones:
> > As I see it, there are two complementary paths we can take
> > with DNS whitelists, each with a slightly different purpose.
> > While these are both useful, neither depends on the other, so
> > postfix can implement either or both.
>
> I'll read the entire pro
On 8/25/2010 6:17 PM, Wietse Venema wrote:
Noel Jones:
On 8/25/2010 4:27 PM, Wietse Venema wrote:
Noel Jones:
As I see it, there are two complementary paths we can take
with DNS whitelists, each with a slightly different purpose.
While these are both useful, neither depends on the other, so
po
On Wed, 25 Aug 2010, Noel Jones wrote:
The user interface would be familiar to anyone using rbl checks. Sample
documentation under the appropriate smtpd_mumble_restrictions section:
- permit_dnswl_client dnswl_domain=d.d.d.d
Accept the request when the reversed client IP network address is l
Noel Jones:
> On 8/25/2010 4:27 PM, Wietse Venema wrote:
> > Noel Jones:
> >> As I see it, there are two complementary paths we can take
> >> with DNS whitelists, each with a slightly different purpose.
> >> While these are both useful, neither depends on the other, so
> >> postfix can implement ei
On 8/25/2010 4:27 PM, Wietse Venema wrote:
Noel Jones:
As I see it, there are two complementary paths we can take
with DNS whitelists, each with a slightly different purpose.
While these are both useful, neither depends on the other, so
postfix can implement either or both.
I'll read the entir
Noel Jones:
> As I see it, there are two complementary paths we can take
> with DNS whitelists, each with a slightly different purpose.
> While these are both useful, neither depends on the other, so
> postfix can implement either or both.
I'll read the entire proposal later.
Would this notatio
As I see it, there are two complementary paths we can take
with DNS whitelists, each with a slightly different purpose.
While these are both useful, neither depends on the other, so
postfix can implement either or both.
My proposals:
A) scoring in postscreen
A dns whitelist/blacklist scoring
Steve Linford put forth on 8/25/2010 8:27 AM:
> Just to add to the mix if Postfix is working on whitelist implementation...
> Spamhaus has assigned 127.0.2.0/24 for whitelist return codes. The new
> Spamhaus Whitelist ("SWL") due out very shortly will return 127.0.2.2 and
> 127.0.2.3 and Spamha
On 24 Aug 2010, at 21:37, Wietse Venema wrote:
> Stan Hoeppner:
>> Wietse Venema put forth on 8/23/2010 10:11 AM:
>>> Noel Jones:
>>
>>> (Might be time to revisit DNS whitelists in postfix.)
>>>
>>> Maybe someone can draft a strawman user interface:
>>>
>>> - what is the configuration syn
e SMTP server gets. We're talking about a
> really tight development budget here.
Darn. With all candor and humility Wietse, I don't think postscreen is
the right place to implement dnswl whitelisting. Or, I should say, it's
not a complete dns whitelisting solution, but only a smal
Stan Hoeppner:
> Noel Jones put forth on 8/24/2010 2:18 PM:
>
> > - This is specific for dnswl.org. Postfix needs a general mechanism.
> > Other whitelists are not required to follow dnswl.org's 127.0.x.y
> > mechanism.
>
> Yeah, I used this example as dnswl is, afaik, the most "established" of
Noel Jones put forth on 8/24/2010 2:18 PM:
> - This is specific for dnswl.org. Postfix needs a general mechanism.
> Other whitelists are not required to follow dnswl.org's 127.0.x.y
> mechanism.
Yeah, I used this example as dnswl is, afaik, the most "established" of
the dns whitelists. I haven
Stan Hoeppner:
> Wietse Venema put forth on 8/23/2010 10:11 AM:
> > Noel Jones:
>
> > (Might be time to revisit DNS whitelists in
> >> postfix.)
> >
> > Maybe someone can draft a strawman user interface:
> >
> > - what is the configuration syntax
> >
> > - what does that syntax mean
> >
> > -
On 8/24/2010 1:36 PM, Stan Hoeppner wrote:
Wietse Venema put forth on 8/23/2010 10:11 AM:
Noel Jones:
(Might be time to revisit DNS whitelists in
postfix.)
Maybe someone can draft a strawman user interface:
- what is the configuration syntax
- what does that syntax mean
- how to make it
Wietse Venema put forth on 8/23/2010 10:11 AM:
> Noel Jones:
> (Might be time to revisit DNS whitelists in
>> postfix.)
>
> Maybe someone can draft a strawman user interface:
>
> - what is the configuration syntax
>
> - what does that syntax mean
>
> - how to make it safe ( we don't want "ope
Noel Jones:
> On 8/23/2010 8:48 AM, Ralf Hildebrandt wrote:
> > * p...@alt-ctrl-del.org:
> >> I find that a lot of spam comes from recently registered, throw away
> >> domains. The new domain may be used as the sender, hostname, or name
> >> server.
> >>