
Re: could dnswl.m4 sendmail hack be a security concern?



Thanks for the quick, sincere reply.

On afterthought.. yes,
it would be better all around to do it
again at the firewall with something similar to spamd.

for blacklists I trust I do use spamd and spamd-setup to update
the pf Table. 
for the blacklists I don't trust but want to use, I don't
want them going to spamd and delaying error message.

(spews level1 is good but I have to whitelist parts to use it,
I found those after customer grief, spamd did its job
very well on legitimate smtp servers.)

If I had an additional something running like spamd at a different port
and it replied with a fixed 5.5.0 error message immediately,
that would do the trick.

Running another full email program and forcing it to
do this is not elegant... maybe editing the source
for spamd and making something... but that's more than
I can take on and feel safe that it's secure...
maybe it's easier than this...
only need enough smarts to answer a few smtp requests
and quit connection...
Can someone suggest what application or setup to have 
pf redirect smtp to for untrusted blacklist table 
and give a quick 5.5.0 message and release?


-tia.



On Fri, 26 Nov 2004, Theo de Raadt wrote:
> 
> In general, many OpenBSD developers are firmly of the opinion that
> DNS-RBL style spam list handling is a very flawed method.
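
One way to build the reject-only responder the message above asks for, as an added example that is not part of the original thread and not spamd code: it answers a few SMTP commands, refuses every transaction with a fixed 5.5.0 reply, and bounds line length, command count and idle time so it cannot be held open. The banner hostname, reply wording, limits and the 127.0.0.1:8026 listener are assumptions.

```python
import socketserver
# Assumed wording; the message asks only for a fixed 5.5.0 rejection.
REJECT = "550 5.5.0 Mail refused: sending host is on a local blocklist"
HOSTNAME = "reject-only.invalid"  # hypothetical name for the banner
MAX_LINE = 512       # RFC 5321 command line limit, CRLF included
MAX_COMMANDS = 10    # hang up on clients that keep talking

def reply_for(line):
    """Return (reply, close) for one client command line."""
    verb = line.strip().split(" ", 1)[0].upper()
    if verb in ("HELO", "EHLO"):
        return "250 " + HOSTNAME, False
    if verb in ("MAIL", "RCPT", "DATA"):
        return REJECT, False          # never accept a transaction
    if verb == "QUIT":
        return "221 2.0.0 Bye", True
    return "500 5.5.1 Command not recognized", False

def run_session(lines):
    """Yield server replies for an iterable of client lines."""
    yield "220 " + HOSTNAME + " ESMTP"
    for count, line in enumerate(lines, 1):
        if len(line) > MAX_LINE or count > MAX_COMMANDS:
            yield "421 4.7.0 Closing connection"
            return
        reply, close = reply_for(line)
        yield reply
        if close:
            return

class Handler(socketserver.StreamRequestHandler):
    timeout = 30  # seconds before an idle client is dropped
    def handle(self):
        def client_lines():
            while True:
                raw = self.rfile.readline(MAX_LINE + 2)
                if not raw:
                    return
                yield raw.decode("latin-1")
        try:
            for reply in run_session(client_lines()):
                self.wfile.write((reply + "\r\n").encode("ascii"))
        except OSError:
            pass  # timeout or reset: just close

if __name__ == "__main__":
    # Assumed listener; pf would redirect the untrusted table's SMTP here.
    with socketserver.ThreadingTCPServer(("127.0.0.1", 8026), Handler) as srv:
        srv.serve_forever()
```

The protocol logic lives in `run_session`, so it can be checked without opening a socket; the process needs no privileges because pf, not the daemon, owns port 25.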


