Hallo allerseits -
der letzte snapshot von Postfix (2.0.16-20030917) unterstützt jetzt auch access control nach MX oder NS host.
This is to announce an unofficial patch for Postfix 2.0 to black-list domain names by their mail server (such as Verisign`s mail server for non-existent .com or .net domain names) or by their DNS servers.
The patch for Postfix 2.0 is based on code that was developed for Postfix snapshot 20030917.
ftp://ftp.porcupine.org/mirrors/postfix-...mx-acl-patch.gz
Below the signature is a description from the Postfix snapshot 20030917 release notes file.
Wietse
New check_{helo,sender,recipient}_{ns,mx}_access maptype:mapname restriction that applies the specified access table to the NS or
MX hosts of the host/domain given in HELO, EHLO, MAIL FROM or RCPT TO commands.
This can be used to block mail from so-called spammer havens, or from sender addresses that resolve to Verisign`s wild-card mail responder, currently at IP address 64.94.110.11.
/etc/postfix/main.cf:
smtpd_mumble_restrictions =
...
reject_unknown_sender_domain
check_sender_mx_access hash:/etc/postfix/mx_access
...
/etc/postfix/mx_access:
spammer.haven.tld reject spammer mx host
64.94.110.11 reject verisign wild-card domain
Note: OK actions are not allowed for security reasons. Instead of OK, use DUNNO in order to exclude specific hosts from blacklists. If an OK result is found for an NS or MX host, Postfix rejects the SMTP command with "451 Server configuration error".
Zu gegebener Zeit werde ich ein (S)RPM erstellen.

--

Disclaimer:This post is for educational and entertainment purpose only