From: Martin Schmitt (no email)
Date: Tue Aug 14 2007 - 09:06:35 EDT
Peter Rabbitson wrote:
> I wanted to make sure I am doing the right thing before I deploy my
> policy server. Here is what it does:
>
> * Extracts the domain of 'recipient' (takes everything to the right of
> the last @)
> * Builds a list of all A records of all MX records of the extracted
> domain name
> * Checks if 'client_address' matches any of the resolved A records
> * If a match is found returns action=PERMIT otherwise action=DUNNO
>
> reject_unauth_destination is placed in front of the
> check_policy_service, ensuring that PERMIT can potentially be returned
> only for final destination or relayed messages, that come from one of
> our MXes.
I'm not very good at analyzing other people's restriction sets, but I think
your description does sound like it will work. Basically, you're just
replacing the CIDR check with the query to the policy service.
-martin
--
Martin Schmitt - Schmitt Systemberatung - http://www.scsy.de
DE 35415 Pohlheim, Gießener Str. 18
DE 65307 Bad Schwalbach, Am Bräunchesberg 9
Linux/UNIX - Internet - E-Mail Infrastructure - Antispam/Antivirus
- "What goes up, must come down. Ask any system administrator." -
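
The decision logic described in the quoted message, as an added example that is not part of either poster's message or of Postfix itself. The function names, the injected resolver callables and the sample DNS data are assumptions made for illustration; a deployment would pass real MX and A lookups and wrap `respond` in a socket server.

```python
import ipaddress

def parse_request(raw):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in raw.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs, resolve_mx, resolve_a):
    """PERMIT only if client_address is an A record of an MX of the recipient domain."""
    recipient = attrs.get("recipient", "")
    if "@" not in recipient:
        return "DUNNO"
    # Everything to the right of the last @, normalised for the lookup.
    domain = recipient.rsplit("@", 1)[1].lower().rstrip(".")
    try:
        client_ip = ipaddress.ip_address(attrs.get("client_address", ""))
    except ValueError:
        return "DUNNO"  # missing or non-numeric client address
    try:
        for mx in resolve_mx(domain):
            for addr in resolve_a(mx):
                if ipaddress.ip_address(addr) == client_ip:
                    return "PERMIT"
    except Exception:
        return "DUNNO"  # a failed lookup must never grant PERMIT
    return "DUNNO"

def respond(raw, resolve_mx, resolve_a):
    """Build the reply for one request: action line plus terminating empty line."""
    return "action=%s\n\n" % decide(parse_request(raw), resolve_mx, resolve_a)

# Constructed sample data (documentation address ranges), standing in for DNS.
MX = {"example.org": ["mx1.example.org", "mx2.example.org"]}
A = {"mx1.example.org": ["192.0.2.10"], "mx2.example.org": ["192.0.2.11"]}
def fake_mx(domain): return MX.get(domain, [])
def fake_a(host): return A.get(host, [])

SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "client_address=192.0.2.11\nrecipient=user@example.org\n\n")

if __name__ == "__main__":
    print(respond(SAMPLE, fake_mx, fake_a), end="")
```
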