From: SATOH Kiyoshi (satoh0hakuba.jp)
Date: Wed Nov 01 2006 - 23:24:04 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi.

I have the same idea, too.
In order to use greylisting and DNSBL more safely.
I wanted to do greylisting only for dynamic IP.

Ex.1
/etc/postfix/main.cf
---
smtpd_restriction_classes =
    check_greylist
check_greylist = check_policy_service inet:60000
smtpd_recipient_restrictions =
    $B!D(B
    check_client_access regexp:/etc/postfix/check_client_fqdn
---
/etc/postfix/check_client_fqdn
---
/^unknown$/ check_greylist
/^[^\.]*[0-9][^0-9\.]+[0-9]/ check_greylist
/^[^\.]*[0-9]{5}/ check_greylist
/^([^\.]+\.)?[0-9][^\.]*\.[^\.]+\..+\.[a-z]/ check_greylist
/^[^\.]*[0-9]\.[^\.]*[0-9]-[0-9]/ check_greylist
/^[^\.]*[0-9]\.[^\.]*[0-9]\.[^\.]+\..+\./ check_greylist
/^(dhcp|dialup|ppp|adsl)[^\.]*[0-9]/ check_greylist
---

About a pattern of this dynamic IP, please refer to this site.
Study Report of an Anti-spam System with a 99% Block Rate
 -- TheSelective SMTP Rejection (S25R) System --
http://www.gabacho-net.jp/en/anti-spam/anti-spam-system.html

And, I wanted to use this method by DNSBL.
Ex.1 can be replaced like this.

Ex.2
/etc/postfix/main.cf
---
smtpd_recipient_restrictions =
    $B!D(B
    check_client_access regexp:/etc/postfix/check_client_fqdn
    check_policy_service inet:60000
---
/etc/postfix/check_client_fqdn
---
!/(^unknown$)|(^[^\.]*[0-9][^0-9\.]+[0-9])|(^[^\.]*[0-9]{5})|(^([^\.]+\.)?[0-9][^\.]*\.[^\.]+\..+\.[a-z])|(^[^\.]*[0-9]\.[^\.]*[0-9]-[0-9])|(^[^\.]*[0-9]\.[^\.]*[0-9]\.[^\.]+\..+\.)|(^(dhcp|dialup|ppp|adsl)[^\.]*[0-9])/
OK
---

Ex.3 - Only dynamic IP is checked by DNSBL.
/etc/postfix/main.cf
---
smtpd_recipient_restrictions =
    $B!D(B
    check_client_access regexp:/etc/postfix/check_client_fqdn
    reject_rbl_client spamcop.org
---

--
SATOH Kiyoshi <satohhakuba.jp> http://d.hatena.ne.jp/stealthinu/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]