Re: RBL DNS whitelist again ....
From: /dev/rob0 (rob0 gmx.co.uk)
Date: Wed Jun 29 2005 - 07:52:35 CDT
On Wednesday 29 June 2005 02:11, R Wahyudi wrote:
> I know there are so many people asking about this,
I was one of them. For the record I still am. :) It would be a useful
feature, to maintain a whitelist in one place, and instantly share it
with numerous sites.
I think Wietse's objection to the idea is that if "RWL" lookups fail,
mail could be rejected. That's a risk I could live with and probably
work around.
I do believe this feature is coming eventually. We've heard talk of
separating the action from the lookup, such that reject_rbl_client
would become an alias for reject_lookup rbl_client your.block.rbl;
conversely there would be accept_lookup and defer_lookup actions. (I
can't remember the exact terms proposed; I think it was Viktor who
mentioned this.)
> I did a lot of research on this, but unable to find good solution to
> overcome this.
I think he suggested a policy daemon, as did Robert. It was easier for
me to just use hash and CIDR maps. But one who was handy with a
scripting language could easily write such a policy daemon.
> - If I can not do whitelist dns lookup, I think I will have to import
> the list into the hash file.
dig @your.named. your.whitelist.zone. axfr | cut $OPT | sed [ ... ]
Should be easy enough. Run that whenever the zone data changes. Keep
maintaining your whitelist in DNS and eventually you might have the
feature we want. But by then you might be happy with the workaround. :)
> How effective and fast is the hash file with large file ?
Faster than even a local DNS lookup, I would think.
--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
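
The `dig ... axfr` workaround from the message above, written out as an added example (not code from the original post): it turns a zone transfer of a DNS whitelist into Postfix access map lines and refuses to replace the map when the transfer comes back empty. It assumes the zone uses the usual reversed-octet DNSBL layout with A records; the function names, the output path and the sample records are constructed.

```shell
#!/bin/sh
# Added example; function names, paths and sample records are constructed.

# axfr_to_access ZONE: read `dig ... axfr` output on stdin, print "IP OK" lines.
# Assumes the usual DNSBL layout: 10.2.0.192.ZONE. IN A ... lists 192.0.2.10.
axfr_to_access() {
    zone=${1%.}                      # accept ZONE with or without trailing dot
    awk -v zone="$zone" '
        BEGIN { suffix = "." tolower(zone) "."; slen = length(suffix) }
        /^;/ || NF < 5 { next }            # dig comment lines, blank lines
        $3 != "IN" || $4 != "A" { next }   # skip SOA, NS, TXT and the rest
        {
            owner = tolower($1); olen = length(owner)
            if (olen <= slen || substr(owner, olen - slen + 1) != suffix) next
            if (split(substr(owner, 1, olen - slen), o, ".") != 4) next
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
            print o[4] "." o[3] "." o[2] "." o[1], "OK"
        }
    ' | sort -u
}

# rebuild_map ZONE OUTFILE: replace OUTFILE only if the transfer produced
# entries, so a failed AXFR never swaps a working whitelist for an empty one.
rebuild_map() {
    tmp="$2.tmp.$$"
    axfr_to_access "$1" > "$tmp"
    if [ -s "$tmp" ]; then mv "$tmp" "$2"; else rm -f "$tmp"; return 1; fi
}

# Constructed sample of AXFR output for a hypothetical zone.
sample_axfr() {
    cat <<'EOF'
; <<>> DiG <<>> @your.named. your.whitelist.zone. axfr
your.whitelist.zone. 3600 IN SOA your.named. hostmaster.your.whitelist.zone. 1 3600 900 604800 3600
your.whitelist.zone. 3600 IN NS your.named.
10.2.0.192.your.whitelist.zone. 3600 IN A 127.0.0.2
10.2.0.192.your.whitelist.zone. 3600 IN TXT "mail relay"
7.100.51.198.Your.Whitelist.Zone. 3600 IN A 127.0.0.2
test.your.whitelist.zone. 3600 IN A 127.0.0.2
your.whitelist.zone. 3600 IN SOA your.named. hostmaster.your.whitelist.zone. 1 3600 900 604800 3600
EOF
}

# Typical use, then `postmap` the file and reference it from check_client_access:
#   dig @your.named. your.whitelist.zone. axfr |
#       rebuild_map your.whitelist.zone. /etc/postfix/client_whitelist
```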