Re: [exim] DNS Block List Server

Author: Russell Wilton
Date:  
To: exim-users
Subject: Re: [exim] DNS Block List Server
Karl Fischer wrote:
> Russell Wilton wrote:
>
>> I run Exim 4.52 on RedHat Ent Linux 4.6
>>
>> I am implementing Spamhaus DNS block lists and have set up my own rbl
>> DNS server
>> for the purpose, as required by our volume of mail. We have set our
>> main DNS servers
>> to forward requests for the dnsbl zone to my new rbl DNS server, but we
>> are having difficulty
>> meeting Spamhaus' requirement that we restrict access to only our own
>> machines. We
>> have a fairly complicated DNS setup and our DNS expert says he has been
>> unable to
>> find a way to restrict forwarding without breaking something else.
>>
>
> Well,
>
> I don't know any exim function that does what you want, but if your
> DNS expert is unable to implement what's necessary, like the suggestion
> from D.Hill, you can always set up your own DNS-Server on (one/all of)
> your exim box(es) and point your local /etc/resolv.conf to *your* DNS
>
> Using bind it should be no problem to apply restrictions as necessary
> by using views or ACLs or both:
>
> options {
>     forwarders {
>         <your-main-dns-server> port 53;
>     };
> };
>
> view "exim" {
>     match-clients { 127.0.0.1; <your-mailserver-ip>; <your-other-mailserver-ip>; ...; };
>     recursion yes;
>     zone "spamhaus.local" {
>         type forward;
>         forward only;
>         forwarders {
>             <dns-server-to-get-spamhaus-info-from> port 53;
>         };
>     };
> };
>
> view "others" { # could be used on your main DNS if necessary
>     match-clients { <pattern as needed>; };
>     recursion yes;
> };
>
>
> see the bind documentation at http://www.isc.org/
> http://www.isc.org/sw/bind/arm95/Bv9ARM-all.html#view_statement_grammar
>
> - Karl
>

Thanks Karl and D.Hill. That's pretty much what my DNS guy suggested:
set up my own forwarding DNS server for use only by the mail systems
which would forward the dnsbl requests to the rbl DNS server, and
forward everything else to the main campus DNS servers. I was just
hoping there was an easier way. :-)

--
Russell D. Wilton
Info Tech Systems Analyst
University of Lethbridge
4401 University Drive
Lethbridge, Alberta
CANADA T1K 3M4
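The view-based restriction Karl describes only works if the client really lands in the "exim" view, and BIND picks the first view in configuration order whose match-clients list accepts the client. The following is an added example, not code from the thread, that models that selection (including "any" and "!"-negated entries) so the view layout can be checked before deployment; the view names and zone follow the thread, while the 192.0.2.x / 198.51.100.x addresses are constructed placeholders.

```python
# Added example: simulate BIND address-match-list and view selection so you
# can verify which clients would reach the view that forwards the DNSBL zone.
import ipaddress


def matches_acl(acl, client):
    """BIND address-match-list semantics: elements are tested in order and the
    first one whose address matches decides; a '!'-negated element rejects.
    No match at all means the list does not accept the client."""
    addr = ipaddress.ip_address(client)
    for element in acl:
        negated = element.startswith("!")
        spec = element.lstrip("!").strip()
        if spec == "any":
            hit = True
        elif spec == "none":
            hit = False
        else:  # single address or CIDR prefix
            hit = addr in ipaddress.ip_network(spec, strict=False)
        if hit:
            return not negated
    return False


def select_view(views, client):
    """Views are tried in configuration order; the first whose match-clients
    accepts the client serves it. None means no view matches (query refused)."""
    for view in views:
        if matches_acl(view["match-clients"], client):
            return view["name"]
    return None


def clients_that_can_reach_zone(views, zone, clients):
    """Return the clients whose selected view forwards `zone`."""
    by_name = {v["name"]: v for v in views}
    reach = []
    for client in clients:
        name = select_view(views, client)
        if name is not None and zone in by_name[name]["forward-zones"]:
            reach.append(client)
    return reach


# Constructed sample modelled on the thread's config; addresses are placeholders.
MAIL_SERVERS = ["192.0.2.10", "192.0.2.11"]
VIEWS = [
    {"name": "exim", "match-clients": ["127.0.0.1"] + MAIL_SERVERS,
     "forward-zones": ["spamhaus.local"]},
    {"name": "others", "match-clients": ["any"], "forward-zones": []},
]
```

Reversing the order of VIEWS makes the "any" view swallow every client, so the mail servers never reach the DNSBL forwarder; that ordering mistake is worth checking for explicitly.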