Discussion:
DNSBL to policy bank
Patrick Ben Koetter
2016-02-20 06:23:17 UTC
Mark,

please find our DNSBL to policy bank patch attached.

The purpose of this patch is to query a (local) DNSBL service for a given IP
address and let amavis add the IP to a policy bank if the IP was listed on
that DNSBL list.

This is how we use it:

@client_ipaddr_policy = (
Amavis::Lookup::DNSBL::read_dns(qw(127.0.0.1), {port=>53, tcp_timeout=>1, udp_timeout=>1, persistent_udp=>1, persistent_tcp=>1}, "%a.dnswl.csa",[qw(127.0.0.50 127.0.0.2)]) => 'CSA',
[qw( 0.0.0.0/8 127.0.0.1/32 [::] [::1] )] => 'LOCALHOST',
\@mynetworks => 'MYNETS'
);

In the example above, read_dns configures amavis to connect to a DNS service on
127.0.0.1. amavis will query for a record constructed from the client's IP
address '%a' and the domain part ".dnswl.csa". If the DNS service replies with either
127.0.0.50 or 127.0.0.2, amavis should apply the settings configured in a CSA
policy_bank.

We use this feature to exempt particular IPs from SPAM scanning in a large
SMTP cluster, where it is easier to provide the IP list via DNS instead of
pushing a CIDR out to all scan nodes.

We find this feature quite useful too and I hope you will add it to amavis.

Regards

***@rick
--
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court of München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein
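
The lookup described in the post above, as an added example that is not part of the original post, the patch, or amavis itself: it builds the query name and maps the reply to a policy bank only when the answer is one of the accepted return codes. It assumes the conventional DNSBL name encoding (reversed octets or nibbles) for '%a', which the page does not show; `resolve` and the sample zone data are hypothetical and constructed.

```python
import ipaddress

def dnsbl_query_name(client_ip, zone):
    """Build a conventional DNSBL query name: reversed octets (IPv4)
    or reversed nibbles (IPv6), followed by the list's zone."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        labels = reversed(str(ip).split("."))
    else:
        labels = reversed(ip.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone.strip(".")

def policy_bank_for(client_ip, zone, accepted, bank, resolve):
    """Return `bank` only if the list answers with an accepted A record.

    `resolve(name)` is a hypothetical resolver hook: it returns a list of
    A-record strings (empty for NXDOMAIN) and raises OSError/TimeoutError
    when the DNS service cannot be reached in time.
    """
    try:
        answers = resolve(dnsbl_query_name(client_ip, zone))
    except (TimeoutError, OSError):
        return None  # lookup failed: the client is not exempted
    accepted_set = {ipaddress.ip_address(a) for a in accepted}
    for answer in answers:
        try:
            if ipaddress.ip_address(answer) in accepted_set:
                return bank
        except ValueError:
            continue  # malformed answer, ignore it
    return None  # NXDOMAIN or an answer outside the accepted set

# Constructed sample zone data standing in for the local DNS service.
SAMPLE_ZONE = {
    "10.2.0.192.dnswl.csa": ["127.0.0.50"],  # listed, accepted code
    "11.2.0.192.dnswl.csa": ["127.0.0.9"],   # listed, code not accepted
}

def sample_resolve(name):
    if name.startswith("99."):
        raise TimeoutError("constructed timeout")
    return SAMPLE_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.99"):
        print(ip, policy_bank_for(ip, "dnswl.csa",
                                  ["127.0.0.50", "127.0.0.2"], "CSA",
                                  sample_resolve))
```

Matching on the exact return codes means a resolver that answers with any other address, or not at all, leaves the client subject to normal scanning.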
Benning, Markus
2016-02-21 11:16:33 UTC
Post by Patrick Ben Koetter
please find our DNSBL to policy bank patch attached.
I created a staging area for amavisd-new patches and included the patch
at:

https://github.com/benningm/amavisd-new


Markus
--
https://markusbenning.de/
A. Schulze
2016-02-21 21:56:18 UTC
Post by Patrick Ben Koetter
Mark,
please find our DNSBL to policy bank patch attached.
I'll confirm the patch works as promised.
Thanks Patrick/SYS4.DE for this cool feature!

Andreas
