Re: [exim] Re : SPF checking and type 99 filtering

On 2011-08-15 at 22:24 +0100, Christian Gregoire wrote:
> But ... in the last end, shouldn't it be Exim's responsability to check for
> timeout ? There's already this possibility with callouts (verify =
> sender/callout=5s) or ${readsocket ...} expansion item for example. So why not
> with SPF checking ? I understand that it may be a bug in the libspf2
> implementation but again, can't Exim deal with that ?

Libraries abstract functionality. They provide a box, with certain
inputs and outputs.

For much work, Exim manages DNS queries itself, and could solve this
problem. For SPF, we rely upon libspf2 because there's quite a bit of
work going on behind the scenes and it's better to use a dedicated
library. (Eg, handling include: lookups).

So, Exim has timeouts for various bits of functionality, often by
setting an alarm handler, asking for an alarm signal "T" amount of time
from now, doing the work, then removing the alarm request.

But Exim can only wrap this around calls at the level at which they're
visible to Exim. Eg, making a socket connection, waiting for input from
the remote side, anything else like that.

This is why I said that for SPF, we could have a "SPF succeeds or SPF
times out" bit of functionality, but that would be around the _entire_
SPF lookup, including both SPF and TXT rrtype lookups. We don't have
any access to hook in and time-out _just_ the SPF lookups.

-Phil