Re: [exim] Default enabling of dnsdb

Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] Default enabling of dnsdb
Dean Brooks wrote:
> On Tue, May 05, 2009 at 07:55:39PM +0100, Mike Cardwell wrote:
>> Does anyone other than Bill have an opinion? I still contend that there
>> is no disadvantage to doing it. Unless you're actually mad enough to
>> think that adding 4KB of useful code, is equivalent to, "bloat".
>
> Every single one of my Exim configurations uses dnsdb because I need
> to do tests for the presence of PTR records, which is impossible
> without dnsdb. The regular reverse DNS lookups also do forward
> lookups, which are fine, but in some circumstances you need to test
> just for he
>


> I can understand mysql/postgres/sqlite being optional, given that any
> particular user will generally only use one (or fewer) of them. Just
> never made much sense why dnsdb was left optional, unless there was an
> issue of platform portability for some reason.
>


>> Before I remembered that most Exim installations don't have dnsdb
>> available to them.
>>
>> That's happened to me several times in the past. I've been asked how to
>> do something, and responded with a dnsdb solution only to realise that
>> dnsdb isn't compiled in.
>
> Yeah, that is frustrating. I've run into that a few times too, again
> usually with regards to testing for PTR records.
>
> --
> Dean Brooks
> dean@???
>


There may well be cute and clever things that only DNSDB enables.

But DNSDB is *not* needed to test for a PTR RR.

=====

2009-05-05 20:16:52 [47894] H=[190.65.70.102]:17941
I=[203.194.153.81]:25 rejected connection in "connect" ACL: C3 rDNS
Fail: host lookup failed (failed to find host name from IP address)

=====

Confirmed with manual equivalent tests:

===

conducive# host 190.65.70.102
Host 102.70.65.190.in-addr.arpa. not found: 3(NXDOMAIN)

===

conducive# dig PTR 190.65.70.102

; <<>> DiG 9.4.2-P2 <<>> PTR 190.65.70.102
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56771
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;190.65.70.102.                 IN      PTR


;; AUTHORITY SECTION:
.                       10717   IN      SOA     A.ROOT-SERVERS.NET. 
NSTLD.VERISIGN-GRS.COM. 2009050501 1800 900 604800 86400


;; Query time: 3 msec
;; SERVER: 61.10.1.146#53(61.10.1.146)
;; WHEN: Tue May 5 20:35:13 2009
;; MSG SIZE rcvd: 106


=====

What is in the #CONNECT_C3 acl?

     !verify     = reverse_host_lookup


Keeping in mind that at 'connect' all one has on which to base a
'reverse_host_lookup' ... is an IP....

And the only record 'of interest' that can be found with a 'bare' IP..

... is a PTR RR.... Or NOT.

QED

Whether it is 'proper' or 'generic' is for another phase.

Bill
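
Added example (not part of the original message and not Exim code): a sketch of the distinction debated in this thread, a test for the mere presence of a PTR record versus a reverse lookup that also requires a matching forward lookup. The zone data, host names and function names are constructed for illustration, so it runs offline.

```python
import ipaddress

# Constructed sample zone data (not real DNS answers).
PTR_RECORDS = {
    "10.2.0.192.in-addr.arpa": ["mail.example.org."],      # PTR, forward matches
    "20.2.0.192.in-addr.arpa": ["unrelated.example.net."],  # PTR, forward differs
    # 192.0.2.30 deliberately has no PTR record (the NXDOMAIN case)
}
A_RECORDS = {
    "mail.example.org": ["192.0.2.10"],
    "unrelated.example.net": ["198.51.100.7"],
}


def reverse_name(ip):
    """Owner name that a PTR query for this address must use."""
    return ipaddress.ip_address(ip).reverse_pointer


def ptr_names(ip):
    """PTR targets for the address, or an empty list if none exist."""
    return PTR_RECORDS.get(reverse_name(ip), [])


def has_ptr(ip):
    """PTR-presence test only: no forward lookup is made."""
    return bool(ptr_names(ip))


def forward_confirmed(ip):
    """True if some PTR target resolves back to the same address."""
    addr = ipaddress.ip_address(ip)
    for name in ptr_names(ip):
        key = name.rstrip(".").lower()  # normalise trailing dot and case
        if any(ipaddress.ip_address(a) == addr for a in A_RECORDS.get(key, [])):
            return True
    return False


def classify(ip):
    """Separate the three outcomes a connect-time policy may care about."""
    if not has_ptr(ip):
        return "no-ptr"
    return "ptr-confirmed" if forward_confirmed(ip) else "ptr-unconfirmed"


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, reverse_name(ip), classify(ip))
```

The second address is the case where the two tests disagree: a PTR record is present, but a check that also demands forward confirmation fails.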