Re: [Exim] Relay from host list fails sometimes

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Frank Meyer
Fecha:  
A: exim-users
Asunto: Re: [Exim] Relay from host list fails sometimes
Philip Hazel wrote:

>> In my opinion this is the only right behaviour.
>
> Only in your special case. Not in the general case. You haven't
> considered the possibility of negative entries. Consider, for example,
>
> some_hostlist_item = !x.y.z : *


Okay, I understand.

>> If any DNS-server in the world failes to resolve host A, this failure
>> must not have any effect of the delivery of messages by host B.
>
> Then you need to re-arrange your configuration somehow. For a small
> number of hosts, one can abandon the named list and end up with ACLs of
> this type:
>
>     accept hosts = a.b.c
>     accept hosts = x.y.z
>     accept hosts = ....

>
> However, this is not ideal, and doesn't scale.


This should be the right way - even if it doesn't scale.

>> In reality my hostlist contains more than 500 hosts -
>
> That will be a big performance hit because of the way Exim searches the
> list linearly.


Yes, but worked fine more than a year long with exim-4.11.

> You can avoid having to SIGHUP Exim if you put the data in a file (even
> if it is a linear list).


Good idea.

> Better performance would be obtained from some
> kind of indexed lookup (e.g. cdb).


Is there any db support by exim to implement this?

> If you are generating the list automatically, why don't you
> generate IP addresses rather than host names?


A change of an IP address will appear more than once a second -
handled by the DNS server. The host names only change about 1 or
2 times a hour, when a customer registeres a new domain. So
sending SIGHUP was not the problem so far.

> However, that doesn't precisely match your report. But maybe it should
> have read "didn't match the list ITEM". I'm afraid I can't remember
> (4.14 was released a year ago), but I strongly suspect this is the
> change that is giving you trouble.


Yes, this sounds reasonable.

> I'm afraid I don't really know what to suggest except some scheme that
> passes only IP addresses to Exim (do the DNS lookups in advance?)


This solution would actualize the extern file (to avoid SIGHUP)
more than once a second. Perhaps this is the better way instead
of let exim make a search by doing lots of DNS lookups for every
message to deliver (yet about 5 messages in 1 minute).

Thanks,

Frank