Re: Policy Server

From: Martin Schmitt (no email)
Date: Tue Aug 14 2007 - 09:06:35 EDT

  • Next message: Martin Schmitt: "Re: header_checks"

    Peter Rabbitson schrieb:
    > I wanted to make sure I am doing the right thing before I deploy my
    > policy server. Here is what it does:
    > * Extracts the domain of 'recipient' (takes everything to the right of
    > the last @)
    > * Builds a list of all A records of all MX records of the extracted
    > domain name
    > * Checks if 'client_address' matches any of the resolved A records
    > * If a match is found returns action=PERMIT otherwise action=DUNNO
    > reject_unauth_destination is placed in front of the
    > check_policy_service, ensuring that PERMIT can potentially be returned
    > only for final destination or relayed messages, that come from one of
    > our MXes.

    I'm not very good analyzing other people's restriction sets, but I think
    your description does sound like it will work. Basically, you're just
    replacing the CIDR check with the query to the policy service.


    Martin Schmitt - Schmitt Systemberatung -
    DE 35415 Pohlheim, Gießener Str. 18
    DE 65307 Bad Schwalbach, Am Bräunchesberg 9
    Linux/UNIX - Internet - E-Mail Infrastructure - Antispam/Antivirus
    - "What goes up, must come down. Ask any system administrator." -

  • Next message: Martin Schmitt: "Re: header_checks"

    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs

    Powered By FreeBSD   Powered By FreeBSD