Auteur: W B Hacker Date: À: exim users Sujet: Re: [exim] blocking on failure of reverse_host_lookup
Ian P. Christian wrote: > 2009/7/2 Ian P. Christian <pookey@???>:
>> Hi all,
>>
>> I though I'd seen people post on the list about blocking outright on
>> reverse_host_lookup - however having implemented this yesterday, it
>> seems like it quite possibly did block the occasional email. Before
>> yesterday, it was just used as part of a scoring system.
>
> Whislt on the topic... how can I check that a host has a reverse
> record, without doing the full forward checking that
> reverse_host_lookup does? I can at least block outright hosts that
> don't have a reverse...
>
reverse_host_lookup does that 'first' then bails-out when no record at all is
found. it goes no further into building the list and logic of 'possibles' to
find out if a PTR RR is part of a proper DNS record set for mail service, or is
merely 'generic'.
See ~/src/host.c
So no further resources are wasted when a PTR RR is absent altogether.
Downside is that the only 'visible' difference between no PTR RR at all, and a
PTR RR that doesn't match to anything useful for smtp is in what Exim offers as
a log entry. Both conditions otherwise return a '0' eventually.
I've posted, and am running, an experimental one-line change to source that
makes the difference more readily ussable in an acl.
CAVEAT: All it really accomplishes is to cut one line per rejection of log
verbosity, so I'm not touting it.
The 'stock' Exim is just fine as-is, needing neither the above nor dnsdb, as it
already permits accepting with no, present but-generic, or full and 'proper' DNS
records - 'scored' by weighted point-value if one wishes to use such.