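This afternoon, while configuring enhdnsbl, I wondered: once the blacklists are set up, could I accidentally end up blocking my ISP's mail server too? That was a bit scary, so I went looking for how to set up a whitelist. I found this article on Google: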
http://patrick.vande-walle.eu/softwa...sing-sendmail/
The key part is really this passage:
Quote:
DNS white list
Why should you have a DNS white list ? Sometimes, you may need to accept e-mails from machines placed on DNS black lists. In this case, running a local white list is an answer. Beware that the following line should appear in your Sendmail.mc BEFORE the lines mentioning the blacklists.
HACK(`dnswl', `whitelist.yourserver.com')dnl
Replace yourserver.com with your own DNS server. You should also add a file named dnswl.m4 in /usr/share/sendmail-cf/hack containing:
divert(8)
# The left-hand and right-hand side of each rule must be separated by a tab
R$*	$: $&{client_addr}
R::ffff:$-.$-.$-.$-	$: $(host $4.$3.$2.$1._ARG_. $: NotFound $)
R$-.$-.$-.$-	$: $(host $4.$3.$2.$1._ARG_. $: NotFound $)
RNotFound	$: OKSOFAR
R$+	$@
divert(-1)
On the DNS side (I am assuming you are using Bind), you would create a zone file with lines such as:
$ttl 5M
whitelist.yourserver.com. IN SOA whitelist.yourserver.com. hostmaster.yourserver.com. (
        2006010300
        1D
        2H
        30D
        4D )
whitelist.yourserver.com. IN NS dns.yourserver.com.
        IN A 0.0.0.0
;
; test entry
2.0.0.127 IN A 127.0.0.2
        IN TXT "Test Entry"
;
; remember to reverse the octets!
;
; consider exempting your own mail server
1.0.168.192 IN A 127.0.0.2 ; my mail server IP address
; These are the servers we want to whitelist. Do not forget to reverse the octets!
1.0.0.10 IN A 127.0.0.2
Rather than Bind, you could also run rbldnsd, a small daemon that would make it easier to serve DNS white (or black) lists. Its main advantage is that you can add IP addresses to its zone file in native (i.e. not reversed) format, possibly saving yourself a few scripting lines if you would automate the process of adding hosts to the list.
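As for the part marked in red, heaven knows who could make sense of it.
Good grief..... If this keeps up, sooner or later I'll have to touch sendmail.cf, that indecipherable config file =.=
I think it's about time I ran into the arms of Postfix..........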
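
The quoted zone file needs every whitelisted address entered with its octets reversed, which is easy to get wrong by hand. The script below is an added example (not part of the original post or the quoted article) that turns native-order IPv4 addresses into the `IN A 127.0.0.2` records shown in the quote; the function names `reverse_ipv4` and `whitelist_records` and the one-address-per-line input format are assumptions made for this example.

```shell
#!/bin/sh
# Added example: names and input format are assumptions, not from the quoted article.

# reverse_ipv4 ADDR: print ADDR with its octets reversed (a.b.c.d -> d.c.b.a).
# Returns 1 unless ADDR is four dot-separated decimal octets in 0-255.
reverse_ipv4() {
    addr=$1
    case $addr in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # A leading zero would produce a label the MTA's lookup never asks for.
        case $octet in 0?*) return 1 ;; esac
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s\n' "$4" "$3" "$2" "$1"
}

# whitelist_records: read "IP [comment]" lines on stdin and print zone records.
# Returns 1 if any line was rejected, so a bad list is not loaded silently.
whitelist_records() {
    status=0
    while read -r ip comment; do
        case $ip in ''|'#'*) continue ;; esac
        if rev=$(reverse_ipv4 "$ip"); then
            if [ -n "$comment" ]; then
                printf '%s IN A 127.0.0.2 ; %s\n' "$rev" "$comment"
            else
                printf '%s IN A 127.0.0.2\n' "$rev"
            fi
        else
            printf 'rejected: %s\n' "$ip" >&2
            status=1
        fi
    done
    return $status
}

# Constructed sample input: the two addresses from the quoted zone file.
whitelist_records <<'EOF'
# native-order address, optional comment
192.168.0.1 my mail server IP address
10.0.0.1
EOF
```

The printed records can be appended below the SOA and NS lines of the zone file; remember to bump the SOA serial before reloading the zone.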
