Wednesday, October 5, 2016
How do I white list certain IP’s so that they pass my DNSBL checks?
Answer
Yes.In order to do this, you will need set up your own DNSBL server and use this as an exception list, set this server as the first server in the list and set the action to allow the mail through.
To do this, follow these steps:
- Create a new zone on your DNS server (like whitelist.your.domain)
- Create an A record for the new zone to point at your DNS server:
Whitelist.your.domain IN A x.x.x.x
This is required as the mail server will use this name to connect to the DNS server.
- Add host records in reverse lookup format with an address of 127.0.0.2, for example:
1.25.8.10.whitelist.your.domain IN A 127.0.0.2
which would cause 10.8.25.1 to pass through the DNSBL check as long as this is the first server checked and the action was set to allow the server through.
- Define the DNSBL list under GMS Anti-Spam > Connect > RBL Check and ensure it is at the top of the list. Set the action to Accept.
- Define any other DNSBL lists that you wish to use.
Create a standard primary zone (not AD-integrated, and call it say reject.comcept.net). Then, within that zone, create a new host but do not add a host name and give it the IP of the DNS server (2k will whine that it’s an invalid host IP but it works fine, my DNS Servers and GMS Server are behind a PIX thus have private IPs, in this case 10.0.0.11).
Now modify the zone.dns file in C:WINNTsystem32dns with the IPs you want to block (or accept if you’re creating a whitelist) as
A 127.0.0.2.
My current file looks like this:
;
; Database file 1reject.comcept.net.dns for 1reject.comcept.net zone.
; Zone version: 6
;
@ IN SOA ml370.colo.comcept.net. admin.colo.comcept.net. (
6 ; serial number
900 ; refresh
600 ; retry
86400 ; expire
3600 ) ; minimum TTL
;
; Zone NS records
;
@ NS ml370.colo.comcept.net.
@ NS ns.colo.comcept.net.
ns.colo.comcept.net. A 10.0.0.10
@ NS ns1.colo.comcept.net.
ns1.colo.comcept.net. A 10.0.0.104
;
; Zone records
;
@ A 127.0.0.2
10.136.110.193 A 127.0.0.2
4.76.61.200 A 127.0.0.2
45.36.50.206 A 127.0.0.2
254.49.154.207 A 127.0.0.2
162.249.166.208 A 127.0.0.2
34.94.37.208 A 127.0.0.2
15.89.39.209 A 127.0.0.2
224.138.58.210 A 127.0.0.2
210.243.250.216 A 127.0.0.2
104.11.240.63 A 127.0.0.2
193.143.225.64 A 127.0.0.2
146.188.66.68 A 127.0.0.2
Then you save the file and go back to the DNS MMC and right click on the zone and then click Reload.NOTE: The IPs are reversed in the zone. For example, the first IP is really "193.110.138.10". This file works for both black and white lists.
Put "127.0.0.3" for white list and then tell GMS to Accept for "127.0.0.3" and Deny for "127.0.0.2".
You need to do modifications in notepad and not in W2k’s DNS MMC. Be sure to reload the zone when your changes are done.
http://www.gordano.com/knowledge-base/how-do-i-white-list-certain-ips-so-that-they-pass-my-dnsbl-checks/
to cross the firewall the email pipe, the child process inherited the parent process file descriptors, because on this case the execvr passes the barrier, whitout they shutting off the process...which is the opposite here, so dont take the forking
Inherit parent socket in fork() child
opposite answer :
another question is to kill the child process at the right time, before they kill you
How to accurately kill child process after certain time limit in C?
http://stackoverflow.com/questions/30007769/how-to-accurately-kill-child-process-after-certain-time-limit-in-c?rq=1
Subscribe to:
Posts (Atom)