Author: W B Hacker Date: To: exim users Subject: Re: [exim] Default enabling of dnsdb
Brian Blood wrote: > On May 5, 2009, at 2:30 PM, Dean Brooks wrote:
>
>>> Does anyone other than Bill have an opinion? I still contend that
>>> there
>>> is no disadvantage to doing it. Unless you're actually mad enough to
>>> think that adding 4KB of useful code, is equivalent to, "bloat".
>> Every single one of my Exim configurations uses dnsdb because I need
>> to do tests for the presence of PTR records, which is impossible
>> without dnsdb. The regular reverse DNS lookups also do forward
>> lookups, which are fine, but in some circumstances you need to test
>> just for he
>
>
> I second this.
>
> Our configuration file by default drops incoming connections on port
> 25 from any IP with no reverse DNS with the message: "Please come back
> when your rDNS is configured".
>
> The Exim $sender_host_name does a reverse AND forward verification and
> that is too strict for our purposes.
I'm au fait with your preference either way ...
.. but if you've rejected on NO PTR RR, why would you accept on
'useless' PTR RR?
But never mnd that ....
I get the impression those participating in the thread are not aware
that the Exim reverse_host_lookup has sufficiently thorough logic to
discriminate between 'good enough' and 'NFW' returns.
*Doing* the verification is 'strict'. But what constitutes an acceptable
return is more clever - more common-sensical than exact-string match.
Unless one wants 'stricter', not less-strict branching, dnsdb may
require one to re-implement at least some of that logic.
Perhaps not alone, or in the dark, but verifying this information in a
useful manner with minimal 'falsing' is not a newly invented need ...
Start at line 1546 of ~/src/host.c in the Exim sources.
You may come to realize that Phil Hazel and/or some of the other folks
who helped build Exim ..... might have been born at night.....
....but it surely wasn't *last* night....
>
> We either make sure dnsdb is compiled in or we make a $run call out to
> the "host" command.
>
> Brian
>
>
Go for.
Personally, I'd prefer a Forth metacompiler.... easier to start the
coffeepot with..