RE: selective greylisting?
- Hello Folkert,
Folkert van Heusden wrote:
> Would it be possible to do selective greylisting triggered byYes. Eather use the function included with sqlgrey or if you want postfix to handle it have a look to check_client_access (if you want it per smtp-client host), check_recipient_access (if you want it per recipient) and check_sender_access (if you want it per sender).
> an rbl-list?
I use the following:
Additionally you have to define a new restriction class:
smtpd_restriction_classes = check_greylist
check_greylist = check_policy_service inet:127.0.0.1:2501
After it you can define the corresponding entries in your lookup tables für check_*_access and forward it to check_greylist as destination.
My dialups.pcre includes the following:
# well-known names do not need to be greylisted (one line!)
# everything with 4 or more dots/hyphens in the hostname
# every host with no reverse DNS
# grelist hosts with potential dynamic IP character in reverse DNS
# stolen from http://sqlgrey.bouton.name/dyn_fqdn.regexp (one line!)
> Cami's policyd is "asynchronous", so needs an asynchronous resolver.Not sure what you are trying to say here.
> There aren't much async resolver implementations out there, and the
> available ones haven't been used enough. also, people are used to their
> system resolver (integration with nsswitch and the like)...
p0f has nothing to do with DNS, it just passively examines packets
of normal SMTP sessions, just like tcpdump, trying to guess what
type of network stack is running on remote side.