Re: access table and unverified hostnames

From: mouss (moussnetoyen.net)
Date: Tue Feb 12 2008 - 05:19:54 CST


Cedric Knight, GreenNet wrote:
> [snip]
>
> Thanks. That makes my options clear. In fact, one of the purposes of
> doing this was preventing some connections getting as far as the
> policy stage (in this case gps greylisting) and avoiding relatively
> CPU-intensive database lookups. Maybe I'll request it as a feature,
> but in the meantime I may have to break the banned hostnames down into
> IP/24 blocks.
>

one way to do what you want is to tempfail on "unknown" clients, then
have an offline process that parses the logs, performs the PTR lookup
(which has been cached by your DNS server since postfix did the lookup),
and if the client matches your acls, then add it to a block list.
otherwise, add it to a "skip" list (to avoid tempfailing on the same
client).

Also, you can perform your lookups on the helo name. In many cases, the
helo name matches the PTR.

Of course, the PBL lists many such clients, so using zen.spamhaus.org
helps a lot.

Finally, many zombies helo with a literal IP. If you don't want to
reject on this, you can consider calling reject_unknown_client if the
helo is a literal IP.
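As an added example, not code from the original post: the offline pass mouss describes, written in Python. It reads Postfix smtpd log lines for clients logged as "unknown", re-does the PTR lookup through a pluggable resolver (a constructed stand-in here, since a real run would query the cached DNS), matches the name against hostname patterns roughly the way a Postfix access table does (the name itself or any parent domain), and sorts each IP into a block list or a skip list. The log lines, IPs and hostnames are constructed sample data.

```python
# Offline classifier for clients Postfix tempfailed as "unknown" (no valid PTR
# at connection time). The resolver and log lines are constructed samples.
import re

# Client part of Postfix smtpd log lines, e.g. "from unknown[192.0.2.10]".
UNKNOWN_CLIENT = re.compile(r"from unknown\[(?P<ip>[0-9.]+)\]")

# Constructed PTR answers standing in for the DNS cache; None = no PTR.
SAMPLE_PTR = {"192.0.2.10": "dsl-192-0-2-10.dynamic.example.net",
              "192.0.2.11": None, "192.0.2.12": "mail.partner.example.org"}

def sample_resolver(ip):
    """Stand-in for a reverse lookup; a real run would query DNS."""
    return SAMPLE_PTR.get(ip)

def hostname_matches(hostname, acl_patterns):
    """Access-table style match: the hostname itself or any parent domain."""
    labels = hostname.lower().rstrip(".").split(".")
    candidates = {".".join(labels[i:]) for i in range(len(labels))}
    return any(p.lower().lstrip(".") in candidates for p in acl_patterns)

def classify_unknown_clients(log_lines, acl_patterns, resolver=sample_resolver):
    """Return (block_list, skip_list) as sorted lists of client IPs."""
    block, skip = set(), set()
    for line in log_lines:
        m = UNKNOWN_CLIENT.search(line)
        if not m:
            continue
        ip = m.group("ip")
        if ip in block or ip in skip:
            continue            # already decided; no repeated lookups
        ptr = resolver(ip)
        if ptr and hostname_matches(ptr, acl_patterns):
            block.add(ip)       # PTR lands in a banned domain
        else:
            skip.add(ip)        # no PTR, or PTR not banned: stop tempfailing
    return sorted(block), sorted(skip)

SAMPLE_LOG = [
    "Feb 12 05:19:54 mx postfix/smtpd[1234]: connect from unknown[192.0.2.10]",
    "Feb 12 05:19:55 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.7.1 Client host rejected: cannot find your hostname",
    "Feb 12 05:20:01 mx postfix/smtpd[1235]: connect from unknown[192.0.2.11]",
    "Feb 12 05:20:30 mx postfix/smtpd[1236]: connect from unknown[192.0.2.12]",
]
BANNED = [".dynamic.example.net", "badisp.example"]   # constructed ACL patterns

if __name__ == "__main__":
    print(classify_unknown_clients(SAMPLE_LOG, BANNED))
```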