Working through the tail of Run Your Own Mail Server has led me to a couple things I’d like to see. Maybe some reader would like to hack on one of them.
1) The best way to generate a list of hosts that should bypass Postfix’s intrusive protocol checks, or anything that resembling greylisting, is the postwhite. Postwhite has been abandoned for years, though. This isn’t exactly a problem, as it’s feature-complete and does the job. The configuration is clunky, though. It supports a long-obsolete list of Yahoo mailer addresses. The list of domains it generates lists for is hard-coded in the script, and artificially broken up into categories like “legit bulk mailers,” “social media,” and so on. You should not have to edit the script to remove a domain, because who accepts mail from LinkedIn these days? You shouldn’t have to edit the script for anything. The last edit to this was six years ago, so I suspect it’s basically abandoned.
Moving the domains to an external file and dropping the defunct Yahoo page would be good. If you have to fork it, using a meaningful name like “greyskip” or somesuch would be nice.
2) Postfix on FreeBSD supports blacklistd. That’s grand. Log parsers are inherently fragile, and libblacklist is the smart way for an application to declare that an IP address is misbehaving. The Postfix support only applies to authentication attempts on smtpd, however. I’m in favor of that, but I’d also like to see postscreen grow libblacklistd support. A host on a trusted DNSBL pokes our mail port? Block it.
I could do #1, but I lack the time and refuse to recommend my fault-oblivious code for production. I lack both skills and time for #2.
The truth is, we’ve limped along like this for years. We could limp for many more years. But hey, someone out there might want to make the world suck slighly less.