|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Update: Postfix blacklist by MX or NS host
From: Alexander Skwar (listen
alexander.skwar.name)
Date: Sat Sep 20 2003 - 07:12:09 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Noel Jones wrote:
> At 02:42 PM 9/19/03, Alexander Skwar wrote:
>>Do I understand this right? The patch (somehow) did not work?
> This sounds like either:
> a) the patch didn't work for some reason and you need to try it again.
Just like it was to be expected, the error was on my side. I'm also
using the TLS patch and forgot to apply the ns-mx-acl patch to the TLS
copy of the source code files (ie., the TLS version of Postfix did not
get the patch applied).
After fixing this, I can use check_helo_mx_access (and the like) just
fine. Thanks to all that helped me!
I've still got a question reg. the patch. It introduced the
check_mumble_ns_access check. What does it do? I understand it so, that
it "does a 'dig _domainname_ ns'". Is this correct? So it would get this
kind of response:
# dig sdfsadfsadf.net ns
; <<>> DiG 9.2.2 <<>> sdfsadfsadf.net ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44296
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;sdfsadfsadf.net. IN NS
;; AUTHORITY SECTION:
net. 10800 IN SOA a.gtld-servers.net.
nstld.verisign-grs.com. 2003091901 1800 900 604800 86400
;; Query time: 20 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Sep 20 14:12:31 2003
;; MSG SIZE rcvd: 106
What can I do with this check? Control access based on where the domain
is registered? How would I use check_mumble_ns_access to block Verisign?
Alexander Skwar
--
-> Keine Kopien senden - ich lese die Listen in denen ich schreibe! <-
-> Do not CC me on replies - I read the list in which I write! <-
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]