Re: [exim] blocking on failure of reverse_host_lookup

Top Page
Delete this message
Reply to this message
Author: Joan
Date:  
To: Exim Users List
Subject: Re: [exim] blocking on failure of reverse_host_lookup
>> FYI, if you want to apply "country" based rules to incoming connections,
>> there are dnsbl's that map IPs to countries. Eg, to accept mail from hosts
>> in the UK and France:
>>
>> accept dnslists = uk.countries.nerd.dk : fr.countries.nerd.dk
>>
>> countries.nerd.dk also let you download their full data set in rbldns
>> format (and other formats I think) so you can create your own local dnsbl.
>>
>
>
> There is also another option using geoip tools using the maxmind.com
> database.
> http://www.maxmind.com/app/geoip_country
> Completely free. one download a month, so no thousands of DNS queries and
> you no longer have to maintain a list of country IPs.
>
> I am using the perl API and have been for at least 4 years with no issues as
> all :)

I wrote some little script that extracts the data from
http://phpweby.com/software/ip2country and groups it into /24 or
bigger dumping it into a file.

I assumed that reading a file would be the fastest way to have this
list, am I wrong? I'd get a better performance + skip another API that
might fail.


> Can I ask why you respond with a temporary error rather than a permanent
> error message? By doing that it just seems that when you block a
> legitimate email, the sender doesn't find out until much later... At
> least with an immediate permanent rejection the sender knows that their
> email didn't get through as they should get a bounce straight away...

The 450 was just in case something went wrong not to rejecte the mail,
my intention was to test it for some more time, and afterwards do:
.- change it into a 550
.- change the retry/reject times for the mail to something faster


The solution is not ideal, but it works quite well, and after seeing
that some big domains are doing strict rdns checking (wanadoo.fr for
example), I just go with them.