Enhancement Request: SPF/DKIM authenticated domains #58
Comments
|
I agree that it would be really useful, but this information is not available in the postfix access policy delegation protocol, so postgrey would need to do DNS lookups. With the current architecture of the daemon, this would not be possible in a performant and reliable way. |
|
I came to post essentially the same idea. I'm assuming the performance concern is that postgrey is designed to receive incoming message details and respond as quickly as possible, which waiting for a (presumably blocking) SPF query would cause to slow down by a significant amount? What if instead, new entries were marked as "SPF unknown", and processed by a background daemon instead? This way postgrey can continue to respond to queries with the data it has available at the time, but after the background daemon has checked for SPF details this data can be included for any requests that come in later. Unless the SPF lookup is very slow, it should still avoid false positives pretty quickly. For example:
Something like that perhaps? |
Hi,
I would suggest an improvement to postgrey, in that, if a email is sent, and the address is SFP/DKIM authenticated, then use the domain name in place of the IP address for postgrey.
This means that sites like google or facebook that never seem to use the same IP address to send a mail would be handled automatically and would not need to be whitelisted.
The text was updated successfully, but these errors were encountered: