Re: [Exim] help with configuration

Author: Nico Erfurth
Date:  
To: gul
CC: exim-users
Subject: Re: [Exim] help with configuration
Pavel Gulchouck wrote:

>>What do you mean by "with BestMX"?
>
> BestMX, also known as primary MX: the MX with the best priority.
>
> For example, I have a relay 193.109.240.57 which receives mail
> for many customers' domains; it is the primary MX for them. And I
> have a relay2 which is a secondary MX for all those domains.
> How can I configure relay2 to relay all domains which have
> bestMX 193.109.240.57 without manually enumerating them?
>
> If I set up relay-based-on-MX (use @mx_any or @mx_secondary),
> anybody will be able to use me as his relay by specifying my router
> as MX in the DNS, and I do not want that.


AFAIK you can't, but I've just got a nice idea ....

Basically, use the dnsdb lookup and add a special TXT record to your
zone files, maybe something like this

example.com.    IN  TXT  "SECRET_TEXT"


where SECRET_TEXT is the result of

echo -n "YourSecretPassword|example.com" | md5sum | cut -d' ' -f1

(the cut keeps only the hex digest; md5sum alone appends "  -" for stdin,
which would end up in the record and never match).

With a lookup like this, you should be able to verify that the domain
is managed by your server.

${if eq {${lookup dnsdb{$domain}{$value}{}}} \
        {${md5:YourSecretPassword|$domain}} {1}{0}}

(dnsdb defaults to TXT when no record type is given; the md5 operator is
written ${md5:...}, not $md5:...)


This will look up the md5sum from the domain's TXT record and compare it
to the md5sum generated from your password and the domain name; you can
use this in any condition statement where $domain is set.
By using the md5sum and a secret password, the whole thing should be
secure against any kind of abuse.

Well, maybe there are better ways, but this should work ;)

You could also try to use the result of
${lookup dnsdb{MX=example.com}}
with a clever match against your primary server's IP, but this could
still be abused (at least I can't think of a way to make this secure).

Nico


--
There are probably better ways to do that, but it would make the parser
more complex.  I do, occasionally, struggle feebly against complexity...
  :-)
             --Larry Wall in <7886@???>
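The TXT-record scheme from Nico's reply, worked through as an added example (not code from the post or from Exim): it produces the zone-file records for the domains the primary MX serves and reproduces the decision the Exim condition makes. It goes one step further than the `eq` in the post by checking each published TXT record on its own, so a domain that also carries an SPF record still passes. The secret, the domain names and the in-memory DNS table are constructed for the example.

```python
import hashlib
import hmac

# Constructed values for the example (hypothetical, not from the post).
SECRET = "YourSecretPassword"

def txt_token(secret: str, domain: str) -> str:
    """Value to publish in the domain's TXT record.

    Same construction as `echo -n "secret|domain" | md5sum` in the post, but
    only md5sum's first field (32 lowercase hex chars), without the trailing
    "  -" md5sum also prints.  Domain is lowercased and the trailing dot
    dropped so that zone file and lookup always agree.
    """
    msg = f"{secret}|{domain.lower().rstrip('.')}".encode()
    return hashlib.md5(msg).hexdigest()

def zone_lines(secret: str, domains) -> list:
    """Zone-file lines to add for every domain the primary MX serves."""
    return [f'{d}.\tIN\tTXT\t"{txt_token(secret, d)}"' for d in domains]

# Constructed stand-in for DNS: domain -> list of TXT strings it publishes.
FAKE_DNS = {
    "example.com": [txt_token(SECRET, "example.com")],
    # Also publishes SPF: the token is one TXT record among several.
    "example.net": ["v=spf1 mx -all", txt_token(SECRET, "example.net")],
    # Copied example.com's record: the hash does not cover this name.
    "notours.example": [txt_token(SECRET, "example.com")],
}

def fake_txt_lookup(domain: str) -> list:
    return FAKE_DNS.get(domain.lower().rstrip("."), [])

def relay_allowed(secret: str, domain: str, txt_lookup=fake_txt_lookup) -> bool:
    """The Exim condition's decision: does $domain publish md5(secret|$domain)?

    Exim's dnsdb lookup joins several TXT records with newlines, so a plain
    `eq` fails once the domain also has an SPF record; compare each record.
    """
    expected = txt_token(secret, domain).encode()
    return any(hmac.compare_digest(rec.strip().encode(), expected)
               for rec in txt_lookup(domain))

if __name__ == "__main__":
    print("\n".join(zone_lines(SECRET, ["example.com", "example.net"])))
    for d in ("example.com", "example.net", "notours.example", "other.example"):
        print(d, "relay allowed" if relay_allowed(SECRET, d) else "relay denied")
```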