Re: [exim-dev] feature request for exim: query DNSBL provide…

Author: Phil Pennock
Date:  
To: Rob McEwen
CC: exim-dev
Subject: Re: [exim-dev] feature request for exim: query DNSBL providers' DNS servers directly
On 2017-09-11 at 10:45 -0400, Rob McEwen wrote:
> (5) It doesn't sound like this is possible in Exim. THEREFORE - What would I
> need to do to build this as a fork (or addon?) to Exim - If I try to provide
> a custom build of Exim - would I need to maintain multiple versions for
> different OS's? Or could I just provide one single download for my
> customers? What would be involved for them to install it - yet without
> overwriting their existing Exim settings... as a sort of drop-in upgrade?
> What language is Exim written in?


We'd take patches, no need to maintain your own version. It's written
in C.

https://git.exim.org/exim.git
https://github.com/Exim/exim/wiki/EximDevelopment

The git repo, for historical reasons to do with combining multiple other
repositories into one at the time of git conversion, is one level
"higher" than the layout seen in release tarballs, thus `src/src/` to
get to the source code. Alas. (We should get around to fixing that,
one of these decades).

The core DNS logic is in dns.c and for the dnslists ACL condition, see
verify_check_dnsbl() in verify.c. That function is responsible for
parsing out the configure syntax (see
<https://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html#SECTmorednslists>)
and delegates work to one_check_dnsbl() defined just above it.

So you'd need a syntax to specify nameservers, unambiguous and distinct
from the existing syntax; see the docs link just above and the following
sections for what syntax is currently handled. There are other ways of
supplying "connection"-style information used for stuff like database
connections, but nothing really consistent.

You'd need a custom resolver routine which can be given an explicit
nameserver; I don't know of a way to do this with current system
resolver routines. A while back I wondered about moving away from the
mess that is this underdocumented system API towards something modern,
like getdns. <https://getdnsapi.net/>. That's probably the sanest
portable route to doing anything other than "system resolver" with DNS,
even though the project is currently only declaring itself
known-to-work-with Linux, FreeBSD, OSX, and MS Windows.

It looks like getdns includes package-conf support, `getdns.pc` is
bundled. Unfortunately all the current package-conf support is
lookup-specific and in src/scripts/lookups-Makefile.

Ignore the Exim build integration side of things. If you get code
working which works if you manually slap getdns in CFLAGS in the
Makefile, I can find time to make sure it's feature-guarded and that the
build-system works with it.
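
Added example, not part of the message above and not Exim or getdns code: a sketch of the pieces a resolver routine needs when it talks to an explicitly chosen nameserver rather than the system resolver. It builds the DNSBL query name, encodes the question for a UDP send to that server, and gives a header-only verdict on the reply. All function names are hypothetical, and the RD flag is left clear on the assumption that the target is the list operator's own authoritative server.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Query name for an IPv4 DNSBL lookup: octets reversed, then the list zone. */
int dnsbl_qname(const char *ipv4, const char *zone, char *out, size_t outlen) {
    struct in_addr a;
    if (inet_pton(AF_INET, ipv4, &a) != 1) return -1;
    const uint8_t *o = (const uint8_t *)&a.s_addr;   /* network byte order */
    int n = snprintf(out, outlen, "%d.%d.%d.%d.%s", o[3], o[2], o[1], o[0], zone);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Encode a class IN, type A question (RFC 1035 wire format) to send over UDP
   to a nameserver of the caller's choosing. Returns packet length or -1. */
int dns_build_a_query(const char *name, uint16_t id, uint8_t *buf, size_t buflen) {
    size_t nlen = strlen(name), p = 12;
    if (nlen == 0 || nlen > 253 || buflen < 12 + nlen + 2 + 4) return -1;
    memset(buf, 0, 12);           /* flags 0: RD clear (assumed authoritative target) */
    buf[0] = (uint8_t)(id >> 8);
    buf[1] = (uint8_t)(id & 0xff);
    buf[5] = 1;                   /* QDCOUNT = 1 */
    while (*name) {
        const char *dot = strchr(name, '.');
        size_t len = dot ? (size_t)(dot - name) : strlen(name);
        if (len == 0 || len > 63) return -1;     /* empty or oversized label */
        buf[p++] = (uint8_t)len;
        memcpy(buf + p, name, len);
        p += len;
        name += len + (dot ? 1 : 0);
    }
    buf[p++] = 0;                 /* root label */
    buf[p++] = 0; buf[p++] = 1;   /* QTYPE  = A  */
    buf[p++] = 0; buf[p++] = 1;   /* QCLASS = IN */
    return (int)p;
}

/* Header-only verdict on a reply: 1 listed, 0 not listed, -1 unusable (defer).
   A full client would also compare the echoed question and read the A records. */
int dnsbl_classify(const uint8_t *r, size_t len, uint16_t id) {
    if (len < 12 || (uint16_t)((r[0] << 8) | r[1]) != id) return -1; /* short or wrong ID */
    if (!(r[2] & 0x80) || (r[2] & 0x02)) return -1;  /* not a response, or truncated */
    int rcode = r[3] & 0x0f;
    if (rcode == 3) return 0;                        /* NXDOMAIN: address not on the list */
    if (rcode != 0) return -1;                       /* SERVFAIL, REFUSED, ... */
    return ((r[6] << 8) | r[7]) > 0 ? 1 : 0;         /* NOERROR: listed if ANCOUNT > 0 */
}
```

Rejecting replies with a mismatched ID or a clear QR bit matters more here than with the system resolver, because the caller is now the only party validating what comes back from the named server.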