Re: [exim-dev] feature request for exim: query DNSBL provide…

Top Page
This message is part of the following thread:
M----+-\the complete thread tree sorted by date
M---\M.MLena at <-
M++\MM\MRob McEwen at ->
Delete this message
Reply to this message
Author: Jasen Betts
Date:  
To: exim-dev
Subject: Re: [exim-dev] feature request for exim: query DNSBL providers' DNS servers directly
On 2017-09-09, Rob McEwen <rob@???> wrote:
> Hi! This is Rob McEwen from the invaluement.com anti-spam blacklist. (I
> just joined this list.)
>
> I have a feature request for Exim. Or, since Exim is clearly one of the
> world's most flexible/configurable MTAs, is... what I'm about to
> describe... already be possible with existing features?
>
> What I want to accomplish is this: provide subscribers to the
> invaluement anti-spam blacklist... who use exim... the ability to have
> their DNS queries to DNSBLs... come directly from Exim, skipping the
> normal DNS resolver. (and other DNSBLs could benefit from this too!)

no, this will hurt the DNSBLs feeding the requests through caching
resolvers helps the DNSBLs by reducing their infrastructure costs.

> The way this would work... is that Exim would do a normal NS lookup on
> the host name at the root of a DNSBL (eg "zen.spamhaus.org", for
> example), then collect IP address(es) that those authoritative name
> servers resolve to, and then do the actual DNSBL lookup *directly* on
> that DNSBL's authoritative servers, skipping the regular caching DNS
> server "middleman".

You can get a better result by installing bind or some other caching
resolver locally with only the root domain servers for reference

this way exim only one set of lookups is made to find the IP address
of the blacklist. and only lookup one per ip-address until it the DNS
response TTL expires.

> (Ideally, Exim would internally cache the answer for the NS lookups...
> so that it wouldn't have to do this NS lookup with every single DNSBL
> lookup. But technically, that part is a bit more exotic.)

the exim process is epehemeral, internal caching is done, but each
instance only sees one connection attempt.

> Is there a way to do this already in Exim? If not, does anyone have any
> suggestions regarding how this might be implemented?

exim currently uses gethostent() for DNS lookups, you'd need to
replace that with something that can use different configurations
on a per-call basis.

personally I'd go with bind on the exim server and have the DNSBL serve
results with a TTL of 1 when I want them to be re-queried every time.

--
This email has not been checked by half-arsed antivirus software

This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-Re: [exim-dev] feature request for exim: query DNSBL providers' DNS servers directly[exim-dev] feature request for exim: query DNSBL providers' DNS servers directly->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)