Re: [exim-dev] feature request for exim: query DNSBL provide…

Top Page
Delete this message
Reply to this message
Author: Rob McEwen
Date:  
To: exim-dev
Subject: Re: [exim-dev] feature request for exim: query DNSBL providers' DNS servers directly
On 9/11/2017 3:28 PM, Viktor Dukhovni wrote:
> but I would hope
> that resolver bypass does not become a supported Exim feature.


It would still do an NS lookup on the particular DNSBL, first using the
standard (current) system. And the implementation would never default to
this - the end users would have to go out of their way to implement
this! And even then - it wouldn't impact OTHER queries - which would
continue to operate as usual. It would only surgically starget the
particular DNSBL selected, on a case-by-case basis, with the user having
to purposely go out of their way to implement this for any one DNSBL.

> All the problems the OP would like to solve are best handled via a

dedicated
> local resolver.  That resolver can forward queries to some more central
> resolver and define stub zones (or an appropriate alternative

mechanism) for
> whatever RBL domains it would like to bypass the upstream cache.


I wonder if you read my other messages? even with explicit and clear
instructions - including warnings on step one of our signup form - and
even though those instructions are almost condescending/insulting to our
subscribers the way we try hard to clearly spell out how important it is
for them to use a locally-hosted DNS resolver - even with all of that -
about 25% of the entire overhead labor hours time running invaluement -
involves constantly having to spend time contacting customers (and
potential customers in a trial)... to get them to fix their DNS so that
the queries stop coming from Google or OpenDNS. Yet for those few spam
filters which do have a "query DNSBL provider's server directly" feature
- these problems NEVER happen.

Viktor, if all of our subscribers had your particular expertise and
knowledge, I'm sure I wouldn't have to bother trying to figure this out.
But as I had mentioned, it isn't that they are all stupid. Most of the
time, they are IT admins that have a million other responsibilities
besides managing the mail server and DNS.  Ideally, you are 100% correct
about there not being a need to do this - but that is only true in an
ideal worth that doesn't exit. I have a mountain of evidence that in the
real world, this feature would very much be of great benefit for many.

Again, if this feature were implemented - as described - it would be
completely innocuous to those didn't go out of their way to implement
this. Of course, I would want the implementation by the end user to be
very very simple too - but it wouldn't be something that someone could
easily mistakenly do, either.

--
Rob McEwen
http://www.invaluement.com
+1 (478) 475-9032