postfix-users May 2014 archive

Re: Whitelisting individual addresses with postscreen

From: Noel Jones <njones_at_nospam>
Date: Wed May 14 2014 - 21:22:39 GMT
To: postfix-users@postfix.org

On 5/14/2014 10:50 AM, Benny Pedersen wrote:
> Marius Gologan wrote on 2014-05-14 17:21:
>> This should help you discover most (not all) IP ranges in cidr
>> format:
>> host -t txt outlook.com | tr " " '\n' | awk '/\./' |
>>   sed "s/include:\|ip4://g" | sort -u | grep -i "[a-z]" |
>>   while read record; do host -t txt $record ; done |
>>   tr ' ' '\n' | awk -F ":" '/[0-9]*\.[0-9]/ {print $2"\tpermit"}' |
>>   sort -u
>
> missing ip6 mx a aaaa
>
> but the basics are there :=)
>
> if one makes a spf tool that lists all ips per sender domain in an easy
> parsable form it would be nice to see, use spf as safe source for
> the cidr list to postscreen

A far more scalable solution:

a) don't use "scoring" DNSBLs such as spamcop in postscreen

b) use a DNSWL such as list.dnswl.org in postscreen so you don't
reject mail from a legit host. Yes, hotmail is a legit host.

Remember, postscreen is designed to keep easily identified zombies
out, not to do all your spam filtering.

This doesn't mean accept all mail from hotmail, but instead be
careful when you're painting with a very broad brush.

Hotmail should still be passed to the content filters and antivirus
for more in-depth analysis.

  -- Noel Jones
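
The SPF-to-CIDR tool asked for in the quoted text, as an added example that is not part of the thread or of Postfix: it follows `include:` and `redirect=`, collects `ip4:` and `ip6:` terms, and reports `a`/`mx` and other terms it does not resolve. The function names, the `lookup_txt` callable (assumed to return a domain's TXT strings) and the sample records are constructed for illustration.

```python
import ipaddress

# Constructed TXT records (reserved example names and documentation address ranges).
SAMPLE_TXT = {
    "mail.example": ["v=spf1 include:_spf-a.mail.example include:_spf-b.mail.example mx ~all"],
    "_spf-a.mail.example": ["v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.17 ip6:2001:db8:100::/48 -all"],
    "_spf-b.mail.example": ["v=spf1 ip4:203.0.113.0/25 include:_spf-a.mail.example "
                            "redirect=_spf-c.mail.example"],
    "_spf-c.mail.example": ["unrelated txt record", "v=spf1 ip4:203.0.113.128/25 ~all"],
}
MAX_LOOKUPS = 10  # cap on followed include/redirect names, modelled on the RFC 7208 limit


def expand_spf(domain, lookup_txt, seen=None, skipped=None):
    """Return (networks, skipped_terms) for domain, following include: and redirect=."""
    seen = set() if seen is None else seen
    skipped = [] if skipped is None else skipped
    nets = set()
    domain = domain.lower().rstrip(".")
    if domain in seen:                      # include loop or repeated include
        return nets, skipped
    if len(seen) > MAX_LOOKUPS:
        raise RuntimeError("too many SPF lookups at " + domain)
    seen.add(domain)
    records = [t for t in lookup_txt(domain) if t.lower().split()[:1] == ["v=spf1"]]
    if len(records) != 1:                   # missing or ambiguous SPF record
        skipped.append((domain, "no single SPF record"))
        return nets, skipped
    for term in records[0].split()[1:]:
        if term[0] in "-~?":                # only pass-qualified terms authorise senders
            continue
        term = term.lstrip("+")
        key = term.lower()
        if key.startswith(("ip4:", "ip6:")):
            nets.add(ipaddress.ip_network(term[4:], strict=False))
        elif key.startswith("include:"):
            nets |= expand_spf(term[8:], lookup_txt, seen, skipped)[0]
        elif key.startswith("redirect="):
            nets |= expand_spf(term[9:], lookup_txt, seen, skipped)[0]
        else:                               # a, mx, exists, ptr, all: left for manual review
            skipped.append((domain, term))
    return nets, skipped


def postscreen_cidr(nets):
    """Format networks as CIDR-table lines for postscreen_access_list, merged and sorted."""
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return [f"{n}\tpermit" for n in [*v4, *v6]]
```

Against live DNS, `lookup_txt` would wrap a resolver call, and the table would need regenerating whenever the sender changes its SPF records.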