Author: Ted Cooper
Date:
To: Exim Users List
Subject: Re: [exim] Preventing TXT lookups after successful aclmodifierdnslists processing

Ted Cooper wrote:
> Mike Cardwell wrote:
>> Thomas Jacob wrote:
>>
>>>> I have my own local dnsbl (using wrblnsd). Certainly from the rbl end it
>>>> appears that Exim does in fact make 2 queries, but the TXT query is
>>>> unnecessary most of the time (when a lookup returns NXDOMAIN), so unless
>>>> your lookups are more than say 20% positive, it's hardly going to save much
>>>> bandwidth - my point being, is it worth the effort anyway ?
>>> My lookups are more like 80%-90% positive, unfortunately. And it's not
>>> so much about bandwidth but about speeding up acl processing (to reduce
>>> the number of parallel smtp connections at any one time) and to
>>> reduce the load on our name servers, at least that's what I hope it will
>>> do ;-)
>> Instead of using "dnslists", you could perhaps use the dnsdb lookup type
>> as a workaround. Example
>>
>> REVERSE_SENDER_IP = ${sg{$sender_host_address}{\N^(\d+)\.(\d+)\.(\d+)\.(\d+)$\N}{\$4\.\$3\.\$2\.\$1}}
>>
>> That creates a macro which returns $sender_host_address with the octets
>> reversed. Then do:
>>
>> condition = ${lookup dnsdb{defer_never,a=REVERSE_SENDER_IP.zen.spamhaus.org}{true}{false}}
>>
>> This is equivalent to:
>>
>> dnslists = zen.spamhaus.org
>>
>> But only does the A record lookup
>>
>> If you're using more complicated features of "dnslists", it gets trickier.
>>
>> Mike
>>
>
> There's no need to manually reverse the IP address, it's auto-magic with
> dnsdb.
>
> http://www.exim.org/exim-html-current/doc/html/spec_html/ch09.html#SECTdnsdb
> <q>
> The supported DNS record types are A, CNAME, MX, NS, PTR, SRV, and TXT,
> and, when Exim is compiled with IPv6 support, AAAA (and A6 if that is
> also configured). If no type is given, TXT is assumed. When the type is
> PTR, the data can be an IP address, written as normal; inversion and the
> addition of in-addr.arpa or ip6.arpa happens automatically. For example:
>
> ${lookup dnsdb{ptr=192.168.4.5}{$value}fail}
>
> If the data for a PTR record is not a syntactically valid IP address, it
> is not altered and nothing is added.
> </q>
>
Urgh.. ignore that. Must be getting late as I can't even read simple
things like "When the type is PTR".
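
Added example, not part of the thread and not Exim code: a Python version of the A-record-only DNSBL check discussed above. It goes beyond the thread by also covering IPv6 clients, which the IPv4-only regex in REVERSE_SENDER_IP returns unchanged. The function names and the zone `dnsbl.example` are assumptions, and `socket.gethostbyname` stands in for an A-only query.

```python
import ipaddress
import re
import socket

# Python equivalent of the REVERSE_SENDER_IP regex from the thread (IPv4 only).
SG_PATTERN = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def reverse_like_macro(addr):
    """Mimic the ${sg{...}} macro: text that does not match is returned unchanged."""
    return SG_PATTERN.sub(r"\4.\3.\2.\1", addr)


def dnsbl_query_name(addr, zone):
    """Build the DNSBL query name for an IPv4 or IPv6 client address."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:a.b.c.d is queried as plain IPv4
    if ip.version == 4:
        labels = str(ip).split(".")[::-1]
    else:
        # IPv6 is queried nibble by nibble: 32 hex digits in reverse order
        labels = list(ip.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone


def is_listed(addr, zone, resolve_a=socket.gethostbyname):
    """A-record-only check: any answer means listed, a failed lookup means not.

    resolve_a is injectable (hypothetical parameter) so the check can be
    exercised offline with a constructed resolver.
    """
    try:
        resolve_a(dnsbl_query_name(addr, zone))
        return True
    except socket.gaierror:
        # NXDOMAIN and resolver errors both count as "not listed", the way
        # defer_never treats a temporary failure as a lookup miss.
        return False
```
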