Greylisting whitelist SPF with PTR mechanism

Issue #120 wontfix
Martin LEUSCH
created an issue

Some providers like Yahoo or OVH use the PTR mechanism in SPF records:

_spf.mail.yahoo.com.    1800    IN      TXT     "v=spf1 ptr:yahoo.com ptr:yahoo.net ?all"

Is it possible to add a reverse DNS based whitelist for greylisting in iRedAPD?

Comments (6)

  1. Martin LEUSCH reporter

    This could solve some greylisting issues I have: for domains like Yahoo, I have to add yahoo.com to the greylisting whitelist, so forged Yahoo addresses are trusted. For mail domains hosted by OVH, I have to add domains one by one to the greylisting whitelist when users report long mail delivery delays to me.

  2. Zhang Huangbin repo owner

    In iRedAPD, yahoo.com is whitelisted for greylisting service by default, because they don't have a useful SPF record.

    How would you like to handle PTR? Could you please share your thoughts and details?

  3. Martin LEUSCH reporter

    In SPF with the PTR mechanism, the sender is trusted when its PTR and A records match the pattern in the SPF record. For example, for OVH:

    mx.ovh.com.             600     IN      TXT     "v=spf1 ptr:mail-out.ovh.net ptr:mail.ovh.net ip4:8.33.137.105/32 ?all"
    

    So, servers like 20.mo3.mail-out.ovh.net or 12.mo3.mail-out.ovh.net should be trusted.

  4. Zhang Huangbin repo owner

    Plugin wblist_rdns is what you're looking for: you can simply whitelist .mail-out.ovh.net (with a prefixed dot which means all sub-domain names of mail-out.ovh.net) like this:

    sql> USE iredapd;
    sql> INSERT INTO wblist_rdns (rdns, wb) VALUES ('.mail-out.ovh.net', 'W');
    

    Plugin wblist_rdns has higher priority than greylisting, so this will work for you.

    BTW, plugin wblist_rdns is sponsored development by Daniel Senie <dts at amaranth.com>.

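An added example (not part of the thread and not iRedAPD's code) of the SPF `ptr` evaluation described in comment 3, following RFC 7208: a reverse name counts only if its forward A record points back to the connecting IP, and it must match the target on a label boundary. The resolver callbacks, the DNS data and the host `webmail.ovh.net` are constructed assumptions; only the SPF record and `20.mo3.mail-out.ovh.net` come from the thread.

```python
import ipaddress

# SPF record quoted in the thread. The DNS data below is constructed for this
# example (documentation IP ranges) and is not real OVH addressing.
OVH_SPF = "v=spf1 ptr:mail-out.ovh.net ptr:mail.ovh.net ip4:8.33.137.105/32 ?all"
PTR = {  # reverse zone: controlled by whoever owns the IP block
    "203.0.113.20": ["20.mo3.mail-out.ovh.net."],
    "198.51.100.7": ["20.mo3.mail-out.ovh.net."],  # PTR claims OVH, no A record agrees
    "198.51.100.8": ["webmail.ovh.net."],          # forward-confirmed, wrong subtree
}
A = {    # forward zone: controlled by the domain owner
    "20.mo3.mail-out.ovh.net": ["203.0.113.20"],
    "webmail.ovh.net": ["198.51.100.8"],
}

def fake_ptr(ip):
    """Hypothetical resolver stub: PTR names for an IP."""
    return PTR.get(ip, [])

def fake_a(name):
    """Hypothetical resolver stub: A records for a host name."""
    return A.get(name, [])

def ptr_targets(spf_record):
    """Domains named by ptr:<domain> terms, with any qualifier stripped."""
    terms = (t.lstrip("+-~?").lower() for t in spf_record.split())
    return [t[4:] for t in terms if t.startswith("ptr:")]

def validated_names(client_ip, lookup_ptr, lookup_a, limit=10):
    """Reverse names whose forward lookup contains client_ip."""
    ip = ipaddress.ip_address(client_ip)
    confirmed = []
    for raw in lookup_ptr(client_ip)[:limit]:  # RFC 7208 caps PTR names at 10
        name = raw.rstrip(".").lower()
        if any(ipaddress.ip_address(a) == ip for a in lookup_a(name)):
            confirmed.append(name)
    return confirmed

def in_domain(name, domain):
    """True if name equals domain or is a subdomain of it (label boundary)."""
    return name == domain or name.endswith("." + domain)

def spf_ptr_match(client_ip, spf_record, lookup_ptr, lookup_a):
    """True if a forward-confirmed reverse name falls under a ptr: target."""
    names = validated_names(client_ip, lookup_ptr, lookup_a)
    return any(in_domain(n, d) for n in names for d in ptr_targets(spf_record))
```

A plain `endswith("mail.ovh.net")` would accept `webmail.ovh.net`; prepending the dot before comparing is what keeps the match on a label boundary.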