Re: [Exim] DNS blacklist lookup timeout causes temp reject

Author: Philip Hazel
Date:  
To: Dean Brooks
CC: exim-users
Subject: Re: [Exim] DNS blacklist lookup timeout causes temp reject
On Mon, 25 Mar 2002, Dean Brooks wrote:

> My concern upon reading this would be that if a particular RBL site
> had a total failure of all their name servers for whatever reason, it
> could render an entire Exim site inoperable.


> Is that true or would the local DNS resolver simply timeout and return
> a negative match and allow the message through?


Exim has got too complicated for my brain to remember it all any more. :-)

TFM says "If a DNS lookup times out or otherwise fails to give a
decisive answer, Exim behaves as if the host is not on the relevant
list." I presume that I implemented what I wrote, but that contradicts
what was posted:

> > > I've set up exim to use a few rbls but if the connection to the rbl
> > > times out, exim temporarily rejects the msg. How can I configure exim
> > > 4.01 to accept the message instead of temp. rejecting?


I didn't check the code before I wrote:

> > There is no way to do this at present, short of modifying the code.


But actually, my comment is right and TFM is telling lies.

It looks like I changed things between Exim 3 and Exim 4, and did not
change the manual. Clearly something that got overlooked.

> If this is indeed the case, can the equivalent of a "/timeout_ok" flag
> on dnslists be appropriate or is there a technical problem with that?


No, there isn't a problem. I'm trying to rethink what happened. I
suspect that I decided the original rule wasn't appropriate, because you
can use dnslists for both "white lists" and "black lists", and a single
default would not be right for all kinds. So I made it defer, but then
didn't implement any means of overriding that.

I've made a note to add some options. However, this is too late for
4.02, which will be released later today.

Philip

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.