Re: [ANN] ShadeList: DNS-based white/blacklist policy server

From: Victor Duchovni (Victor.DuchovniMorganStanley.com)
Date: Tue Feb 07 2006 - 08:49:26 CST


On Tue, Feb 07, 2006 at 03:36:45PM +0100, Luc Pardon wrote:

> Some time ago I wrote a simple Postfix policy server to access
> DNS-based whitelists. I just put it online at:
>
> http://www.skopos.be/downloads/postfix/shadelist.html
>

The feature set looks good. I hope it catches on and improves with code
donations from other users. Thanks.

One suggestion, the "-nd" switch should ideally be split into two pieces,
allowing one to ignore blacklist lookup failures (matching default Postfix
policy: some blacklisted mail will get in, but blacklist outages don't
disable mail delivery) without also ignoring whitelist lookup failures
(defer_if_reject does not break mail delivery).

I would further recommend that, once the "-nd" behaviour is split into
two cases, the *default* for blacklists should in fact be to ignore lookup
failures. Blacklists are attractive DDoS targets, and it would be unfortunate
to amplify the scope of such attacks by delaying mail delivery for all
sites that use the blacklist under attack.

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.