Rewrite/Override QTYPE with RPZ

Daniel Stirnimann daniel.stirnimann at switch.ch
Mon Nov 12 07:14:25 UTC 2018


Hello Tom,

> My feeded RPZ blocks othercompany.com and *.othercompany.com. Therefore 
> any qtype (MX, A, AAAA...) are blocked for this domain. Is there a way 
> with BIND just to whitelist the MX for othercompany.com and the 
> consequent A-Record (ex. mail.othercompany.com) that we are able to send 
> mail to othercompany.com?

If the action of your RPZ policy is a CNAME redirecting the user to a
walled garden and that walled garden runs an MTA you could configure it
as a relay server.

We have a similar setup where the MTA on the walled garden rejects the
email so that the sending MTA immediately gets a feedback.

Daniel


More information about the bind-users mailing list