[dns-operations] creeping poorness of judgement
Paul Vixie
paul at redbarn.org
Sat Mar 14 02:53:57 UTC 2020
Viktor Dukhovni wrote on 2020-03-13 18:48:
> On Sat, Mar 14, 2020 at 01:16:09AM +0000, Paul Vixie wrote:
>
>> ...
>
> But you don't actually have to hinder forwarding of your email by
> publishing SPF, another option is to use only IPv4 when sending email
> via google's MX hosts. This can be done by hiding the AAAA records of
> the Google MTAs from Postfix (my below adaptation of the example uses
> the PCRE "x" option to make the filter more readable):
>
> http://www.postfix.org/postconf.5.html#smtp_dns_reply_filter
>
> /etc/postfix/main.cf:
> pcre = pcre:${config_directory}/
> smtp_dns_reply_filter = ${pcre}smtp_dns_reply_filter
>
> /etc/postfix/smtp_dns_reply_filter:
> # /domain ttl IN AAAA address/ action, all case-insensitive.
> # Note: the domain name ends in ".".
> /^\S+\.google\.com\. \s+ \S+ \s+ IN \s+ AAAA \s+/x IGNORE
> /^\S+\.smtp\.goog\. \s+ \S+ \s+ IN \s+ AAAA \s+/x IGNORE
that is delightfully unhinged, but i would sooner call joe abley on the
phone then to put PCRE's into config files trying to filter out
dig-format DNS records. thanks for the cackle, though.
--
P Vixie
More information about the dns-operations
mailing list