Rewrite/Override QTYPE with RPZ

Lee ler762 at gmail.com
Mon Nov 12 14:36:14 UTC 2018


On 11/12/18, Tom <tomtux007 at gmail.com> wrote:
> I mean the other way:
>
> My fed RPZ blocks othercompany.com and *.othercompany.com. Therefore
> any qtype (MX, A, AAAA...) is blocked for this domain. Is there a way
> with BIND just to whitelist the MX for othercompany.com and the
> consequent A-Record (ex. mail.othercompany.com) that we are able to send
> mail to othercompany.com?

mail.othercompany.com   CNAME  rpz-passthru.
*.othercompany.com       CNAME  .

in your rpz zone file doesn't do what you want?

Lee

>
> On 09.11.18 14:39, Lightner, Jeffrey wrote:
>> That wouldn't help you much.   Many mail systems these days check not only
>> your MX record but also your PTR record to make sure the IP you came from
>> has a valid (i.e. not generic) reverse lookup.   They'll also check things
>> like dkim or spf TXT records.   If they don't like what they find they'll
>> simply reject email even if you haven't been blacklisted.
>>
>> In general blacklisting services blacklist specific IPs rather than
>> domains anyway.   A work around would be to change the outbound IP your
>> mail server uses rather than changing other records.  Of course you'd have
>> to make additional changes for the PTR, A/AAAA and TXT records for the new
>> IP you select.
>>
>> Many blacklisting services have a way to delist yourself.
>>
>> However, if you don't fix the underlying problem that caused you to be
>> blacklisted in the first place any new IP will quickly be blacklisted as
>> well and/or delisting yourself a second time is much more difficult.
>>
>> If you are sending multiple automated emails (e.g. invoices or marketing
>> materials) to customers you need to be monitoring for returns and removing
>> rejected email addresses from your databases.   These often occur because
>> the customer no longer has the email address they originally gave you (or
>> they had a typo in what they gave you).
>>
>> -----Original Message-----
>> From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of
>> Tom
>> Sent: Thursday, November 08, 2018 11:49 PM
>> To: bind-users at lists.isc.org
>> Subject: Re: Rewrite/Override QTYPE with RPZ
>>
>> For example "example.com" and "*.example.com" are blacklisted. I would
>> like to return a real ip address for special query types like MX or TXT,
>> but not for A or AAAA.
>>
>> Tom
>>
>>
>> On 08.11.18 16:44, Barry Margolin wrote:
>>> In article <mailman.775.1541690246.803.bind-users at lists.isc.org>,
>>>    Tom <tomtux007 at gmail.com> wrote:
>>>
>>>> Hi all
>>>> Is there a way to override/rewrite QTYPE (ex. MX) with RPZ? If no, is
>>>> this planned in future releases of BIND?
>>>
>>> What would be the point? If a query is for MX, and you return A
>>> instead, the client won't be able to do anything with it.
>>>
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>> unsubscribe from this list
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>
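
Added example, not part of the original thread and not BIND code: a simplified Python model of how RPZ QNAME triggers are selected, run over the two records from the reply above and a constructed feed zone matching Tom's description. The function names, the feed contents and the zone order (local overrides listed before the feed in response-policy) are assumptions; the model checks the exact owner name, then wildcards, and ignores the query type because passthru and NXDOMAIN actions apply to every type.

```python
# Simplified model of RPZ QNAME-trigger lookup (added example, not BIND code).
# Policy zones are consulted in order; the first zone with a matching trigger wins.
PASSTHRU, NXDOMAIN = "PASSTHRU", "NXDOMAIN"
ACTIONS = {"rpz-passthru.": PASSTHRU, ".": NXDOMAIN}

def parse_zone(text):
    """Parse 'owner CNAME target' lines into {owner: action}."""
    triggers = {}
    for line in text.strip().splitlines():
        owner, rtype, target = line.split()
        if rtype.upper() != "CNAME" or target not in ACTIONS:
            raise ValueError(f"unsupported policy record: {line!r}")
        triggers[owner.lower().rstrip(".")] = ACTIONS[target]
    return triggers

def match_zone(triggers, qname):
    """Exact owner first, then wildcards at each ancestor, nearest first.
    Simplification: empty non-terminals are not modelled."""
    labels = qname.lower().rstrip(".").split(".")
    name = ".".join(labels)
    if name in triggers:
        return triggers[name]
    for i in range(1, len(labels)):
        wild = "*." + ".".join(labels[i:])
        if wild in triggers:
            return triggers[wild]
    return None  # note: *.example.com never matches example.com itself

def rpz_decision(zones, qname, qtype):
    """qtype is accepted but never consulted: these actions cover all types."""
    for triggers in zones:
        action = match_zone(triggers, qname)
        if action is not None:
            return action
    return "NO-MATCH"  # query is resolved normally

# Constructed zones: the two records from the reply, and a feed as described.
LOCAL = parse_zone("""
mail.othercompany.com   CNAME  rpz-passthru.
*.othercompany.com      CNAME  .
""")
FEED = parse_zone("""
othercompany.com        CNAME  .
*.othercompany.com      CNAME  .
""")
ZONES = [LOCAL, FEED]  # assumed order: local overrides before the feed

if __name__ == "__main__":
    for q, t in [("mail.othercompany.com", "A"), ("www.othercompany.com", "A"),
                 ("othercompany.com", "MX"), ("othercompany.com", "A")]:
        print(f"{q:24} {t:3} -> {rpz_decision(ZONES, q, t)}")
```

In this model the mail host passes through for every query type, while the apex name is not covered by either local record and is still decided by the feed's own entry.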

