[exim-dev] feature request for exim: query DNSBL providers' …

Author: Rob McEwen
Date:  
To: exim-dev
Subject: [exim-dev] feature request for exim: query DNSBL providers' DNS servers directly
Hi! This is Rob McEwen from the invaluement.com anti-spam blacklist. (I
just joined this list.)

I have a feature request for Exim. Or, since Exim is clearly one of the
world's most flexible/configurable MTAs, is what I'm about to
describe already possible with existing features?

What I want to accomplish is this: provide subscribers to the
invaluement anti-spam blacklist... who use exim... the ability to have
their DNS queries to DNSBLs... come directly from Exim, skipping the
normal DNS resolver. (and other DNSBLs could benefit from this too!)

The way this would work... is that Exim would do a normal NS lookup on
the host name at the root of a DNSBL (eg "zen.spamhaus.org", for
example), then collect IP address(es) that those authoritative name
servers resolve to, and then do the actual DNSBL lookup *directly* on
that DNSBL's authoritative servers, skipping the regular caching DNS
server "middleman".

(Ideally, Exim would internally cache the answer for the NS lookups...
so that it wouldn't have to do this NS lookup with every single DNSBL
lookup. But technically, that part is a bit more exotic.)

Is there a way to do this already in Exim? If not, does anyone have any
suggestions regarding how this might be implemented? For example, if it
can't be done with Exim's current features, is there some kind of way
that I could write a custom plugin for Exim that could possibly
accomplish this? (If that is the best option, please point me in the
right direction for investigating ways to write Exim plugins.)

Thanks!

PS - This can be beneficial for other uses besides my "invaluement"
commercial anti-spam blacklist. For example, sometimes, those who host
their own mail servers... are on remote systems that default to Google's
DNS servers - and it becomes a hassle for them to set up their own DNS
resolver and/or the server provider or datacenter constantly overwrites
their DNS settings, forcing them back to Google (etc). Some of these
organizations have subscriptions to Spamhaus, which then become useless
when they have trouble reliably running their own DNS server... then
their DNSBL queries for Spamhaus (and others) are sometimes blocked. For
this reason, Kerio Connect has a feature called "use DNSBL provider's
server directly". I'm now working towards trying to find ways to
implement this same technology into other MTAs and spam filters. (thus
this post!)

--
Rob McEwen
http://www.invaluement.com
+1 (478) 475-9032
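As an added illustration of the lookup flow the post asks for (this is example code, not part of the original message and not Exim's own code), the following Python sketches the three steps: an NS lookup on the DNSBL zone apex, resolution of those name servers to IP addresses (cached for the record TTL, with a floor so a tiny TTL cannot turn every DNSBL query into NS traffic), and the actual DNSBL query sent straight to one of those addresses, with round-robin and failover across them and a fallback to the ordinary recursive resolver when all direct queries fail. The DNS transport is injected so the logic runs offline against a constructed table; `dnsbl.example`, the `192.0.2.x` addresses and the `FakeTransport` class are placeholders I made up, not real DNSBL infrastructure. In production the transport would be a real UDP client (for instance dnspython's `dns.query.udp`) sending non-recursive queries to the authoritative addresses. Note that the bootstrap NS/A lookups still go through some resolver; the scheme removes the middleman only from the high-volume per-message queries.

```python
"""Direct-to-authoritative DNSBL lookups with a TTL-bounded NS cache.

Added example, not Exim code. The DNS transport is a callable
    transport(qname, qtype, server_ip_or_None) -> [(rdata, ttl), ...]
that raises OSError on timeout; server_ip None means "ask the system resolver".
"""
import ipaddress
import time
from typing import Callable, Dict, List, Optional, Tuple

Transport = Callable[[str, str, Optional[str]], List[Tuple[str, int]]]


def dnsbl_qname(ip: str, zone: str) -> str:
    """Build the DNSBL query name: reversed octets for IPv4, reversed nibbles for IPv6."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone.strip(".")


class DirectDNSBL:
    def __init__(self, transport: Transport, clock=time.monotonic, min_cache_secs: int = 60):
        self.transport = transport
        self.clock = clock
        self.min_cache_secs = min_cache_secs
        self._ns_cache: Dict[str, Tuple[float, List[str]]] = {}  # zone -> (expiry, [ips])
        self._rr: Dict[str, int] = {}                              # zone -> round-robin offset

    def authoritative_ips(self, zone: str) -> List[str]:
        """NS lookup of the zone apex, then A lookups of each NS name, cached per TTL."""
        now = self.clock()
        cached = self._ns_cache.get(zone)
        if cached and cached[0] > now:
            return cached[1]
        ns_records = self.transport(zone, "NS", None)
        ips: List[str] = []
        ttl = min((t for _, t in ns_records), default=0)
        for ns_name, _ in ns_records:
            for ip, a_ttl in self.transport(ns_name, "A", None):
                ips.append(ip)
                ttl = min(ttl, a_ttl)
        if not ips:
            raise LookupError(f"no authoritative servers found for {zone}")
        self._ns_cache[zone] = (now + max(ttl, self.min_cache_secs), ips)
        return ips

    def lookup(self, ip: str, zone: str) -> Optional[str]:
        """Return the 127.0.0.x answer if `ip` is listed in `zone`, else None."""
        qname = dnsbl_qname(ip, zone)
        servers = self.authoritative_ips(zone)
        start = self._rr.get(zone, 0)
        self._rr[zone] = (start + 1) % len(servers)
        for i in range(len(servers)):           # try each authoritative server once
            server = servers[(start + i) % len(servers)]
            try:
                answers = self.transport(qname, "A", server)
                break
            except OSError:
                continue
        else:                                   # every direct query failed: use the resolver
            answers = self.transport(qname, "A", None)
        loopback = ipaddress.ip_network("127.0.0.0/8")
        listed = [a for a, _ in answers if ipaddress.ip_address(a) in loopback]
        return listed[0] if listed else None


# ---- constructed offline stand-in for real DNS (placeholder names and addresses) ----
FAKE_ZONE = "dnsbl.example"
FAKE_TABLE = {
    (FAKE_ZONE, "NS", None): [("ns1.dnsbl.example", 3600), ("ns2.dnsbl.example", 3600)],
    ("ns1.dnsbl.example", "A", None): [("192.0.2.10", 300)],
    ("ns2.dnsbl.example", "A", None): [("192.0.2.11", 300)],
    ("4.3.2.1.dnsbl.example", "A", "192.0.2.10"): [("127.0.0.2", 60)],
    ("4.3.2.1.dnsbl.example", "A", "192.0.2.11"): [("127.0.0.2", 60)],
}


class FakeTransport:
    """Records every query and simulates unreachable servers; missing entries answer empty."""
    def __init__(self, table, down=()):
        self.table, self.down, self.calls = table, set(down), []

    def __call__(self, qname, qtype, server):
        self.calls.append((qname, qtype, server))
        if server in self.down:
            raise OSError("timeout")
        return self.table.get((qname, qtype, server), [])


def demo(down=("192.0.2.10",)) -> Tuple[Optional[str], Optional[str], int]:
    """Listed and unlisted lookups with one server down; returns (hit, miss, NS lookups made)."""
    transport = FakeTransport(FAKE_TABLE, down=down)
    client = DirectDNSBL(transport)
    hit = client.lookup("1.2.3.4", FAKE_ZONE)
    miss = client.lookup("192.0.2.55", FAKE_ZONE)
    ns_queries = sum(1 for _, qtype, _ in transport.calls if qtype == "NS")
    return hit, miss, ns_queries


if __name__ == "__main__":
    print(demo())
```

The `min_cache_secs` floor is the defensive detail worth keeping: without it, a DNSBL publishing very short TTLs on its NS or glue records would make the MTA repeat the bootstrap lookups for nearly every incoming connection. Equally, any direct query path should retain the recursive-resolver fallback shown in `lookup`, so a DNSBL whose authoritative servers are unreachable from the MTA degrades to today's behaviour rather than to "no DNSBL at all".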