New jail for postfix: screendnsbl #3545
Conversation
|
any update on this PR |
| @@ -52,6 +52,10 @@ mdre-aggressive = %(mdre-auth2)s | |||
| mdpr-errors = too many errors after \S+ | |||
| mdre-errors = ^from [^[]*\[<HOST>\]%(_port)s$ | |||
|
|
|||
| # Extra mode "screendnsbl", triggered on postfix/postscreen[<PID>]: DNSBL rank <NUM> for [<HOST>]:<PORT> | |||
There was a problem hiding this comment.
I guess it is wrong mode name for DNS-based Blackhole List, correct would be dnsbl, but much better why not combine it with rbl?
There was a problem hiding this comment.
intention was to implement an optional feature, not extending/overwriting existing definitions leading to by others unexpected behavior
| @@ -599,6 +599,16 @@ backend = %(postfix_backend)s | |||
| maxretry = 1 | |||
|
|
|||
|
|
|||
| [postfix-screendnbl] | |||
There was a problem hiding this comment.
I'm still unsure it'd really expect a new jail.
I know there is one for RBL, but it is more for backwards compatibility reasons, however obsolete since mode rbl is included in mode normal too.
There was a problem hiding this comment.
intention was to implement an optional feature, not extending/overwriting existing definitions leading to by others unexpected behavior
26c0e52
to
f57844e
Compare
this extension adds a new postfix jail which can be optionally dedicated enabled.
It is triggered by a log line like
It catches a lot of unwanted connections and log volume decreased a lot.