Re: [exim] DNS Block List Server

Author: Karl Fischer
Date:  
To: Russell Wilton
CC: exim-users
Subject: Re: [exim] DNS Block List Server
Russell Wilton wrote:
> I run Exim 4.52 on RedHat Ent Linux 4.6
>
> I am implementing Spamhaus DNS block lists and have set up my own rbl
> DNS server for the purpose, as required by our volume of mail. We have
> set our main DNS servers to forward requests for the dnsbl zone to my
> new rbl DNS server, but we are having difficulty meeting Spamhaus'
> requirement that we restrict access to only our own machines. We have
> a fairly complicated DNS setup and our DNS expert says he has been
> unable to find a way to restrict forwarding without breaking something
> else.


Well,

I don't know any exim function that does what you want, but if your
DNS expert is unable to implement what's necessary, like the suggestion
from D. Hill, you can always set up your own DNS server on (one/all of)
your exim box(es) and point your local /etc/resolv.conf to *your* DNS.

Using bind it should be no problem to apply restrictions as necessary
by using views or ACLs or both:

options {
    forwarders {
        <your-main-dns-server> port 53;
    };
};


view "exim" {
    match-clients { 127.0.0.1; <your-mailserver-ip>; <your-other-mailserver-ip>; ...; };
    recursion yes;
    zone "spamhaus.local" {
        type forward;
        forward only;
        forwarders {
            <dns-server-to-get-spamhaus-info-from> port 53;
        };
    };
};


view "others" { # could be used on your main DNS if necessary
    match-clients { <pattern as needed>; };
    recursion yes;
};



see the bind documentation at http://www.isc.org/
http://www.isc.org/sw/bind/arm95/Bv9ARM-all.html#view_statement_grammar

- Karl
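The view layout above relies on BIND's rule that the first view whose match-clients list matches the querying client is the one that answers. The following script is an added example, not code from the message or from ISC; it models that first-match selection (including negated "!" elements and named ACLs) so you can check, before touching named.conf, which clients would reach the forwarded spamhaus zone. The addresses, the "mailservers" ACL and the view names are constructed for illustration.

```python
"""Model of BIND's view selection for a DNSBL-forwarding resolver.

Added example (not from the original message).  Views are tried in
order; the first whose match-clients list accepts the client answers
its queries.  Addresses and ACL names below are constructed.
"""
import ipaddress

# Named ACLs as "acl mailservers { ... };" would define them (constructed).
ACLS = {
    "mailservers": ["127.0.0.1", "10.0.0.5", "10.0.0.6"],
}


def list_allows(elements, client):
    """Evaluate a BIND address match list for one client address.

    Elements are tried in order.  The first element that matches decides:
    it accepts the client, unless it is prefixed with '!', in which case
    the client is rejected.  A nested ACL counts as a match only if it
    accepts the client.  A client matching nothing is rejected.
    """
    for element in elements:
        negated = element.startswith("!")
        body = element.lstrip("!").strip()
        if body == "any":
            hit = True
        elif body == "none":
            hit = False
        elif body in ACLS:
            hit = list_allows(ACLS[body], client)
        else:
            # A bare address is treated as a /32 (or /128) prefix.
            hit = client in ipaddress.ip_network(body, strict=False)
        if hit:
            return not negated
    return False


# The layout from the message: mail hosts get the forwarded DNSBL zone,
# everyone else gets a plain recursive view with no such zone.
VIEWS = [
    {"name": "exim", "match_clients": ["127.0.0.1", "mailservers"],
     "zones": {"spamhaus.local": "forward"}},
    {"name": "others", "match_clients": ["any"], "zones": {}},
]


def select_view(client_ip, views=VIEWS):
    """Return the name of the first view that accepts client_ip, or None."""
    client = ipaddress.ip_address(client_ip)
    for view in views:
        if list_allows(view["match_clients"], client):
            return view["name"]
    return None


def can_query_zone(client_ip, zone, views=VIEWS):
    """True if the view serving client_ip carries the given zone."""
    name = select_view(client_ip, views)
    if name is None:
        return False
    view = next(v for v in views if v["name"] == name)
    return zone in view["zones"]


if __name__ == "__main__":
    for ip in ("10.0.0.5", "192.0.2.77"):
        print(ip, "->", select_view(ip),
              "dnsbl:", can_query_zone(ip, "spamhaus.local"))
    # Putting the catch-all view first silently swallows the mail hosts too.
    print("misordered:", select_view("10.0.0.5", list(reversed(VIEWS))))
```

Two properties worth checking with it: a view whose match-clients is "any" placed before the restricted view captures every client (so the mail hosts would never see the forwarded zone), and a "!" element excludes a host even when a later ACL in the same list would have accepted it.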