Re: [exim] Default enabling of dnsdb

Author: W B Hacker
Date:  
To: exim-users
Subject: Re: [exim] Default enabling of dnsdb
Phil Pennock wrote:
> On 2009-05-05 at 16:27 +0100, Mike Cardwell wrote:
>> I'd like to petition for a change in the default makefile for 4.70 such
>> that DNSDB is enabled by default. In the comments it says:
>>
>> # LOOKUP_DNSDB does *not* refer to general mail routing using the DNS.
>> # It is for the specialist case of using the DNS as a general database
>> # facility (not common).
>>
>> I agree that using DNSDB is specialist, but I think its usage is common
>> enough for it to be enabled by default.
>>
>> I can't see any disadvantage to it being compiled in... I just compiled
>> Exim with it, and then again without it and the difference between the
>> two binaries was a mere 4285 bytes... Most *emails* are bigger than 4285
>> bytes these days...
>>
>> Does anyone agree/disagree with me strongly?
>
> I agree strongly.
>
> Often, what is done with dnsdb can later be done better with new Exim
> features, but as a general tool to let the administrator get on and get
> the work done, I find dnsdb invaluable. I'm fairly sure that several of
> my posts to the list have assumed the presence of dnsdb without stating
> the assumption as I tend to forget that it's not present by default. In
> particular, I believe that some of my forany/forall examples use this.
>
> At the moment, the only live example in my real configs is this:
> ----------------------------8< cut here >8------------------------------
> # We don't filter on SPF in the normal case as it breaks forwarding.  However,
> # if the sender domain claims that it never sends mail, then there's nothing
> # legitimate to have been forwarded, so we can drop that at least.  Some people
> # are polite and note when they don't send email (eg, globnix.com).
> # Thanks to Mike Cardwell for the nudge to actually implement the check and for
> # the lookup which avoids an experimental-Exim dependency.
>   deny    condition     = ${if eq{${lookup dnsdb{defer_never,txt=$sender_address_domain}}}{v=spf1 -all}}
>           message       = SPF records for $sender_address_domain explicitly state this domain should never send email
> ----------------------------8< cut here >8------------------------------
>
> (globnix.com being mine). I value having a test which is small and
> simple, avoids linking in a bunch of additional bloat which I'll likely
> never use and find the flexibility of dnsdb here to be of great use in
> implementing the only subset of the SPF functionality which I actually
> use. The flexibility of dnsdb greatly exceeds its cost.
>
> I just checked my logs for what this rule is catching and was pleasantly
> surprised. Thanks, Mike. :)
>
> -Phil
>


Phil,

No doubt the code does what you say it does.

But not clear to me why (or at what 'phase') that sort of check would be
needed at all.

What have I missed?

Bill
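
Added example, not part of the thread and not Exim code: a Python model of the quoted ACL's exact-string test beside a more tolerant check, run over constructed TXT record sets. It assumes dnsdb's default newline separator between multiple records; the function names and sample domains are made up for illustration.

```python
"""Model of the "v=spf1 -all" check from the quoted ACL, over constructed TXT data."""


def exact_match(txt_records):
    # Mirrors the ACL's eq{...}{v=spf1 -all}: dnsdb joins multiple TXT
    # records with a newline by default, and eq is a case-sensitive
    # whole-string comparison.
    return "\n".join(txt_records) == "v=spf1 -all"


def never_sends(txt_records):
    # Tolerant variant (an assumption of this example, not Exim behaviour):
    # pick out the SPF record among all TXT records, then require that its
    # only term is "-all".
    spf = []
    for rec in txt_records:
        terms = rec.split()
        if terms and terms[0].lower() == "v=spf1":
            spf.append([t.lower() for t in terms[1:]])
    if len(spf) != 1:
        # No SPF record, or more than one (a permanent error in RFC 7208):
        # the domain has made no usable statement, so do not reject on it.
        return False
    return spf[0] == ["-all"]


# Constructed sample data; the domain names are placeholders.
SAMPLES = {
    "only-spf.example": ["v=spf1 -all"],
    "extra-txt.example": ["site-verification=abc123", "v=spf1 -all"],
    "mixed-case.example": ["v=spf1  -ALL"],
    "sends-mail.example": ["v=spf1 mx -all"],
    "two-spf.example": ["v=spf1 -all", "v=spf1 mx -all"],
    "no-txt.example": [],
}


def compare(samples=SAMPLES):
    # Map each domain to (exact-match result, tolerant result).
    return {d: (exact_match(r), never_sends(r)) for d, r in samples.items()}


if __name__ == "__main__":
    for domain, (strict, tolerant) in compare().items():
        print(f"{domain:20} exact={strict!s:5} tolerant={tolerant}")
```

The exact comparison only fires when the SPF record is the domain's sole TXT record and is spelled precisely as in the ACL, so it fails open (no rejection) on anything else.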