On 2009-05-05 at 16:27 +0100, Mike Cardwell wrote:
> I'd like to petition for a change in the default makefile for 4.70 such
> that DNSDB is enabled by default. In the comments it says:
>
> # LOOKUP_DNSDB does *not* refer to general mail routing using the DNS.
> # It is for the specialist case of using the DNS as a general database
> # facility (not common).
>
> I agree that using DNSDB is specialist, but I think its usage is common
> enough for it to be enabled by default.
>
> I can't see any disadvantage to it being compiled in... I just compiled
> Exim with it, and then again without it and the difference between the
> two binaries was a mere 4285 bytes... Most *emails* are bigger than 4285
> bytes these days...
>
> Does anyone agree/disagree with me strongly?
I agree strongly.
Often, what is done with dnsdb can later be done better with new Exim
features, but as a general tool to let the administrator get on and get
the work done, I find dnsdb invaluable. I'm fairly sure that several of
my posts to the list have assumed the presence of dnsdb without stating
the assumption as I tend to forget that it's not present by default. In
particular, I believe that some of my forany/forall examples use this.
At the moment, the only live example in my real configs is this:
----------------------------8< cut here >8------------------------------
# We don't filter on SPF in the normal case as it breaks forwarding. However,
# if the sender domain claims that it never sends mail, then there's nothing
# legitimate to have been forwarded, so we can drop that at least. Some people
# are polite and note when they don't send email (eg, globnix.com).
# Thanks to Mike Cardwell for the nudge to actually implement the check and for
# the lookup which avoids an experimental-Exim dependency.
deny condition = ${if eq{${lookup dnsdb{defer_never,txt=$sender_address_domain}}}{v=spf1 -all}}
message = SPF records for $sender_address_domain explicitly state this domain should never send email
----------------------------8< cut here >8------------------------------
(globnix.com being mine). I value having a test which is small and
simple, avoids linking in a bunch of additional bloat which I'll likely
never use and find the flexibility of dnsdb here to be of great use in
implementing the only subset of the SPF functionality which I actually
use. The flexibility of dnsdb greatly exceeds its cost.
I just checked my logs for what this rule is catching and was pleasantly
surprised. Thanks, Mike. :)
-Phil