On Fri, Jul 17, 2009 at 09:30:51PM -0700, Todd Lyons wrote:
> servers. I have decided that for now I'm only going to greylist those
> connections where the IP doesn't reverse resolve. From my limited
> understanding, the hosts line below should only pass when there is an
> actual PTR record for the IP address. But I get the log_message for
> every host that connects, with or without reverse DNS. What's wrong
> with what I have below?
>
> warn !senders = :
>      !authenticated = *
>      !hosts = +relay_from_hosts
>      !hosts = ${lookup dnsdb{ptr=$sender_host_address}{$value}fail}
>      log_message = No reverse DNS for $sender_host_address, would greylist check
Try this instead:
warn !senders = :
     !authenticated = *
     !hosts = +relay_from_hosts
     !condition = ${lookup dnsdb{defer_never,ptr=$sender_host_address}{yes}}
     log_message = No reverse DNS for $sender_host_address, would greylist check
The "defer_never" is important. Without it, you might end up sending
a temporary error (4xx) code back to the sender if any part of the DNS
lookups hang for some reason. Unless that's what you want to have happen.
There's more detail about the defer_xx items in section 9.12 in spec.txt.
We also don't want to use "fail" in the failure of the lookup unless
you want to cause a 4xx code back to the sender if they don't have a
PTR record. That would be bad.
--
Dean Brooks
dean@???
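The distinction the reply draws between "no PTR record" and "the DNS lookup deferred" is easy to lose in a quick script, so here is an added Python model of that ACL logic (my example, not anything from the thread or from Exim itself). It keeps the three lookup outcomes separate and shows how the decision differs with and without defer_never; the resolver is injectable, and the stub resolvers below are constructed for offline use.

```python
import socket

# h_errno values as CPython reports them in socket.herror.errno (assumed Linux/glibc numbering)
HOST_NOT_FOUND, TRY_AGAIN, NO_RECOVERY, NO_DATA = 1, 2, 3, 4


def ptr_status(ip, resolve=socket.gethostbyaddr):
    """Classify one client address as 'has_ptr', 'no_ptr' or 'defer'.

    'defer' means the resolver could not answer (timeout, SERVFAIL, TRY_AGAIN),
    which is not the same thing as an authoritative 'no such record'.
    """
    try:
        name, _aliases, _addrs = resolve(ip)
    except socket.herror as exc:
        if getattr(exc, "errno", None) in (HOST_NOT_FOUND, NO_DATA):
            return "no_ptr"
        return "defer"           # TRY_AGAIN / NO_RECOVERY: server trouble
    except OSError:              # socket.timeout, gaierror and friends
        return "defer"
    return "has_ptr" if name else "no_ptr"


def acl_decision(status, defer_never=True):
    """Mirror the warn ACL from the reply.

    A missing PTR triggers the greylist path. A deferred lookup is either
    treated as a plain lookup failure (defer_never, so it also greylists) or,
    with the default dnsdb behaviour, becomes a 4xx temporary rejection.
    """
    if status == "has_ptr":
        return "accept"
    if status == "no_ptr":
        return "greylist"
    return "greylist" if defer_never else "tempfail_4xx"


# Constructed stub resolvers standing in for socket.gethostbyaddr (offline demo only).
def stub_has_ptr(ip):
    return ("mail.example.org", [], [ip])


def stub_no_ptr(ip):
    raise socket.herror(HOST_NOT_FOUND, "Unknown host")


def stub_defer(ip):
    raise socket.herror(TRY_AGAIN, "Host name lookup failure")


if __name__ == "__main__":
    for label, stub in (("has_ptr", stub_has_ptr), ("no_ptr", stub_no_ptr), ("defer", stub_defer)):
        status = ptr_status("192.0.2.10", stub)
        print(label, status, acl_decision(status, True), acl_decision(status, False))
```

The last column printed is the behaviour without defer_never: a DNS outage turns into 4xx replies to every client, which is the failure mode the reply warns about.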