postscreen_dnsbl_sites load list to memory from external file

  • Uffe Jakobsen
    Message 1 of 8 , Jun 24, 2014
      Hi,

      Feature request:

      It would be nice if the "postscreen_dnsbl_sites" list could be loaded
      into memory (once - upon start/reload) from an external file - that
      doesn't seem to be possible right now - or am I wrong ?

      /Uffe
    • Viktor Dukhovni
      Message 2 of 8 , Jun 24, 2014
        On Tue, Jun 24, 2014 at 05:55:47PM +0200, Uffe Jakobsen wrote:

        > Feature request:
        >
        > It would be nice if the "postscreen_dnsbl_sites" list could be loaded into
        > memory (once - upon start/reload) from an external file - that doesn't seem
        > to be possible right now - or am I wrong ?

        # cd /etc/postfix; make; postfix reload

        The make(1) command updates main.cf from an external file.

        --
        Viktor.
      • Uffe Jakobsen
        Message 3 of 8 , Jun 24, 2014
          On 2014-06-24 18:06, Viktor Dukhovni wrote:
          > On Tue, Jun 24, 2014 at 05:55:47PM +0200, Uffe Jakobsen wrote:
          >
          >> Feature request:
          >>
          >> It would be nice if the "postscreen_dnsbl_sites" list could be loaded into
          >> memory (once - upon start/reload) from an external file - that doesn't seem
          >> to be possible right now - or am I wrong ?
          >
          > # cd /etc/postfix; make; postfix reload
          >
          > The make(1) command updates main.cf from an external file.
          >

          Your installation or platform must be different from mine (FreeBSD) - I
          have no Makefile, GNUmakefile or BSDmakefile in /usr/local/etc/postfix/
          config dir.

          But it was not what I was looking for - because for various reasons the
          userid that writes the dnsbl sites file has no permissions to write
          main.cf nor reload postfix.

          /Uffe
        • Wietse Venema
          Message 4 of 8 , Jun 24, 2014
            Uffe Jakobsen:
            > Your installation or platform must be different from mine (FreeBSD) - I
            > have no Makefile, GNUmakefile or BSDmakefile in /usr/local/etc/postfix/
            > config dir.

            The idea is that you create that Makefile.

            > But it was not what I was looking for - because for various reasons the
            > userid that writes the dnsbl sites file has no permissions to write
            > main.cf nor reload postfix.

            Including data from a non-root account into main.cf is not supported.
            Anyone who can change main.cf can also elevate privileges to root.

            Wietse
          • Viktor Dukhovni
            Message 5 of 8 , Jun 24, 2014
              On Tue, Jun 24, 2014 at 12:35:15PM -0400, Wietse Venema wrote:
              > Uffe Jakobsen:
              > > Your installation or platform must be different from mine (FreeBSD) - I
              > > have no Makefile, GNUmakefile or BSDmakefile in /usr/local/etc/postfix/
              > > config dir.
              >
              > The idea is that you create that Makefile.

              That Makefile can validate the safety of the externally sourced data,
              and update main.cf.

              > > But it was not what I was looking for - because for various reasons the
              > > userid that writes the dnsbl sites file has no permissions to write
              > > main.cf nor reload postfix.

              But root (the account that actually performs the reload) can update
              main.cf.

              --
              Viktor.
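
The root-run validation step suggested above, sketched as an added example (not code from the thread or from Postfix itself). The file path, the entry cap and the function names are assumptions; `postconf -e` and `postfix reload` are the standard Postfix commands.

```shell
#!/bin/sh
# Root-side check of a DNSBL site list maintained by an unprivileged account.
# SITES_FILE, MAX_SITES and the function names are assumptions of this example.
SITES_FILE="${SITES_FILE:-/var/db/dnsbl/sites.txt}"   # hypothetical path
MAX_SITES=10                                          # assumed local cap

# One entry: hostname, optional =reply-filter, optional *weight. Nothing else
# passes, so "$", whitespace, commas, "/" and "type:table" never reach main.cf.
LABEL='[a-z0-9]([a-z0-9-]*[a-z0-9])?'
ENTRY_RE="^$LABEL(\.$LABEL)+(=[][0-9.;]+)?(\*-?[0-9]{1,3})?\$"

validate_dnsbl_sites() {
    # $1: file, one entry per line; blank lines and '#' comments are skipped.
    # Prints the comma-separated value; fails on the first entry not allowed.
    file=$1 out='' count=0
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "not a regular file: $file" >&2; return 1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        if ! printf '%s\n' "$line" | grep -Eq "$ENTRY_RE"; then
            echo "rejected entry: $line" >&2; return 1
        fi
        count=$((count + 1))
        if [ "$count" -gt "$MAX_SITES" ]; then
            echo "more than $MAX_SITES entries" >&2; return 1
        fi
        out="${out:+$out, }$line"
    done < "$file"
    [ "$count" -gt 0 ] || { echo "empty list" >&2; return 1; }
    printf '%s\n' "$out"
}

apply_dnsbl_sites() {
    # Run as root: write only a fully validated value, then reload Postfix.
    value=$(validate_dnsbl_sites "$SITES_FILE") || return 1
    postconf -e "postscreen_dnsbl_sites = $value" && postfix reload
}

if [ "${1:-}" = apply ]; then apply_dnsbl_sites; fi
```

A Makefile target run by root can call this script with `apply`; the unprivileged account only ever writes the site list file.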
            • lists@rhsoft.net
              Message 6 of 8 , Jun 24, 2014
                On 24.06.2014 at 18:41, Viktor Dukhovni wrote:
                > On Tue, Jun 24, 2014 at 12:35:15PM -0400, Wietse Venema wrote:
                >> Uffe Jakobsen:
                >>> Your installation or platform must be different from mine (FreeBSD) - I
                >>> have no Makefile, GNUmakefile or BSDmakefile in /usr/local/etc/postfix/
                >>> config dir.
                >>
                >> The idea is that you create that Makefile.
                >
                > That Makefile can validate the safety of the externally sourced data,
                > and update main.cf.
                >
                >>> But it was not what I was looking for - because for various reasons the
                >>> userid that writes the dnsbl sites file has no permissions to write
                >>> main.cf nor reload postfix.
                >
                > But root (the account that actually performs the reload) can update
                > main.cf.

                IMHO all answers bypass the question which was not to list the
                configured blacklists in an external file - some blacklists offer
                to download / rsync the complete list data into a local file and
                so no DNS requests needed
              • Uffe Jakobsen
                Message 7 of 8 , Jun 24, 2014
                  On 2014-06-24 18:35, Wietse Venema wrote:
                  >
                  >> But it was not what I was looking for - because for various reasons the
                  >> userid that writes the dnsbl sites file has no permissions to write
                  >> main.cf nor reload postfix.
                  >
                  > Including data from a non-root account into main.cf is not supported.
                  > Anyone who can change main.cf can also elevate privileges to root.
                  >

                  Agree - I did never mean to suggest to include any file (externally
                  owned, potentially unsafe or not) into main.cf.

                  What I was suggesting was that main.cf should instruct postfix to fetch
                  the dnsbl list from an external file - in my mind this is not the same
                  as to include another file into main.cf

                  Disclaimer - I have very little knowledge (read: ~0) of the inner
                  working details of postfix and its configuration file and safety mechanisms.

                  /Uffe
                • Wietse Venema
                  Message 8 of 8 , Jun 24, 2014
                    Uffe Jakobsen:
                    >
                    > On 2014-06-24 18:35, Wietse Venema wrote:
                    > >
                    > >> But it was not what I was looking for - because for various reasons the
                    > >> userid that writes the dnsbl sites file has no permissions to write
                    > >> main.cf nor reload postfix.
                    > >
                    > > Including data from a non-root account into main.cf is not supported.
                    > > Anyone who can change main.cf can also elevate privileges to root.
                    >
                    > Agree - I did never mean to suggest to include any file (externally
                    > owned, potentially unsafe or not) into main.cf.
                    >
                    > What I was suggesting was that main.cf should instruct postfix to fetch
                    > the dnsbl list from an external file - in my mind this is not the same
                    > as to include another file into main.cf

                    The list of DNSBL/DNSWL sites in postscreen_dnsbl_sites is not
                    supposed to change all the time. It is supposed to be a limited
                    number of sites that you trust. Postscreen performance depends on
                    the slowest DNSBL service.

                    Wietse