Re: [EXIM] Negation in domain/host/net/address lists

Author: Philip Hazel
Date:  
To: Georg von Zezschwitz
CC: exim-users
Subject: Re: [EXIM] Negation in domain/host/net/address lists
On Tue, 16 Mar 1999, Georg von Zezschwitz wrote:

> I consider this approach is doing something by configuration syntax
> what should be done by implementation. Our ciscos *do* have a
> pretty long netlist, but the configuration-file remains a flat
> list (though the cisco is fast :-)).

I presume, though, that you kick a cisco and it loads its list into some
kind of in-memory data structure that is easy to access. This cannot be
done with Exim.

> E.g., "precompiling" such netlists towards a 4-Byte IP-address /
> netmask sequence binary file, building up binary trees or whatever,
> would be an approach to keep config-files simple, but to enfasten
> the processing.

Yes - my proposal is that if you want to do this, you "precompile" them
into DBM files. A file such as

194.127.100.0/24
193.98.8.0/18
...

could (under my proposed scheme) either just be referred to and read
linearly, or, without change, made into a DBM file. [Note for those
paying close attention: as a result of comments, I have realized that
the /n component is required as part of the lookup key to avoid
ambiguities. That also provides this nice uniformity.]

> Either you'd
> have to split up everything to Class-C-networks, or you have to use
> many different sizes for net_xxxx-dbm.

Maybe the net-lookup stuff should be more like the @@-style of address
lookup? You still need to specify, e.g. net-16-dbm;/xxx/yyy but what
it would do would be to use the top 16 bits to look up a file with data
like

193.93: 193.98.8.0/18 : 193.98.9.0/24 ...

In other words, provide a way of shortening the linear search to a
subset of the total list. How do people feel about this?

> > >    smtp_reserve_nets = "/usr/local/lib/exim/netlist"
> > >    receiver_verify_except_nets = "/usr/local/lib/exim/netlist"
> > >    rfc1413_except_nets = "/usr/local/lib/exim/netlist"
> > >    sender_net_accept_relay = "/usr/local/lib/exim/netlist"
> > >    smtp_etrn_nets = "/usr/local/lib/exim/netlist"
>
> During the normal course of an ESMTP incoming session all the
> 4 later ones will be evaluated, am I wrong?

receiver_verify_except_nets will be evaluated if a message is
transmitted - I guess that's the "normal" session.

rfc1413_except_nets will be evaluated always.

sender_net_accept_relay will be evaluated only if the sender tries to
relay through the host.

smtp_etrn_nets will be evaluated only if the sender issues ETRN.

I take the general point, however. As Nigel has pointed out, there is
caching for the typed lookups (lsearch, dbm, etc). However, these files
are not lookups and could in principle be different. I suppose Exim
could be clever and keep a cache of file names and whether the incoming
host matched them. I'll think about it.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
--
*** Exim information can be found at http://www.exim.org/ ***
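The bucketed net lookup proposed in the message above (the top 16 bits of the host address select a subset of the netlist, which is then scanned linearly, with the /n kept as part of each entry's key) as an added Python example; this is not code from the thread or from Exim, and the netlist entries and the `build_index`/`candidates`/`host_matches` names are constructed for illustration. Prefixes shorter than /16 span several buckets, so they are kept in a small list that is scanned on every lookup.

```python
import ipaddress
from collections import defaultdict

# Constructed netlist in the one-CIDR-per-line format discussed in the thread.
NETLIST = """\
194.127.100.0/24
193.98.8.0/18
193.98.9.0/24
10.0.0.0/8
"""

def build_index(text):
    """Partition entries by their top 16 bits ("a.b"), the way the proposed
    net-16-dbm file would, so a host only needs a linear scan of one bucket.
    Each entry keeps its original "addr/n" string as the lookup key, since the
    /n is needed to tell 193.98.8.0/18 from 193.98.8.0/24."""
    buckets = defaultdict(list)
    wide = []  # prefixes shorter than /16 cover several buckets: always scanned
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        net = ipaddress.ip_network(line, strict=False)
        entry = (line, net)
        if net.prefixlen < 16:
            wide.append(entry)
        else:
            key = ".".join(str(net.network_address).split(".")[:2])
            buckets[key].append(entry)
    return buckets, wide

def candidates(index, host):
    """Entries that must be scanned for this host: its /16 bucket, then the wide ones."""
    buckets, wide = index
    key = ".".join(host.split(".")[:2])
    return buckets.get(key, []) + wide

def host_matches(index, host):
    """Return the first matching netlist entry (as written in the file), or None."""
    addr = ipaddress.ip_address(host)
    for raw, net in candidates(index, host):
        if addr in net:
            return raw
    return None

if __name__ == "__main__":
    idx = build_index(NETLIST)
    for h in ("193.98.20.1", "193.98.100.5", "10.20.30.40"):
        print(h, "->", host_matches(idx, h), "after scanning", len(candidates(idx, h)))
```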