Daniel Collis-Puro
2006-Sep-06 14:13 UTC
[Pkg-exim4-users] More resilient "local_host_whitelist"ing?
Exim folks,
We've set up a proxying spam/virus filter via exim-daemon-heavy and all
the usual suspects (spamassassin, clamav, dcc, pyzor, razor, various
rbls) - 'tis a thing of beauty: fast, efficient, accurate and no
backscatter.
Anyway: we'd like to ensure that a set of hosts never get mail rejected
at the exim level by listing them in the default "local_host_whitelist"
config, but we also don't want to do "ad hoc" DNS caching by entering IP
addresses in that file.
THE PROBLEM:
The problem with putting hostnames in that file is that - when a
hostname can't resolve - exim issues a temporary reject to every message
it sees. EVERY message. Until the hostname resolves again.
We've got a caching DNS server in place on this box (helps with RBL
lookups IMMENSELY), but we don't control the DNS for all the domains we
need to whitelist.
THE QUESTION:
Is there an easy way to set up the stanza below (in
conf.d/acl/20_exim4-config_whitelist_local_deny) to "defer" lookups when
a whitelisted hostname can't be resolved, just like you can defer other
lookups?

  accept
    hosts = ${if exists{CONFDIR/local_host_whitelist}\
                 {CONFDIR/local_host_whitelist}\
                 {}}

To me - deferring whitelisted domain lookups would be ideal: we
wouldn't have to stay aware of IP address changes on whitelisted
hostnames, and exim would just continue to process a message when a
whitelisted domain has a DNS hiccup.
If not, then we'll probably just implement a cron job to take our
desired list of hostnames and dump the IP addresses they resolve to into
local_host_whitelist.
Thanks in advance!
-DJCP
--
-**---****-----******-------********---------**********
Daniel Collis-Puro
Software Engineer
End Point Corp.
dan@endpoint.com
(office) 781-477-0885
(cell) 781-775-1338
**********---------********-------******-----****---**-
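
The cron-job fallback mentioned in the message, sketched as an added example (not part of the original post, and not Debian's or Exim's own code): it resolves each hostname, reuses the last-known addresses already in the output file when a name fails to resolve, and replaces the file atomically. Function names are hypothetical; it handles IPv4 only and assumes Exim ignores `#` comments in list files.

```python
"""Resolve whitelisted hostnames to IPs for Exim's local_host_whitelist,
keeping last-known-good addresses on DNS failure (illustrative sketch)."""
import os
import socket
import sys
import tempfile

def resolve_ipv4(host):
    """Return sorted IPv4 addresses for host; raises OSError on failure."""
    infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def load_previous(path):
    """Map hostname -> [ip, ...] from lines like '192.0.2.10  # mx.example'."""
    cache = {}
    try:
        with open(path) as fh:
            for line in fh:
                ip, sep, host = line.partition("#")
                if sep and ip.strip() and host.strip():
                    cache.setdefault(host.strip(), []).append(ip.strip())
    except FileNotFoundError:
        pass
    return cache

def build_whitelist(hostnames, out_path, resolver=resolve_ipv4):
    """Rewrite out_path atomically; return hostnames served from the cache."""
    previous = load_previous(out_path)
    lines, stale = [], []
    for host in hostnames:
        try:
            ips = resolver(host)
        except OSError:                  # socket.gaierror is an OSError
            ips = []
        if not ips:                      # DNS hiccup: reuse last-known-good
            ips = previous.get(host, [])
            stale.append(host)
        lines += [f"{ip}  # {host}\n" for ip in ips]
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(out_path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.writelines(lines)
    os.chmod(tmp, 0o644)                 # mkstemp creates 0600; Exim must read it
    os.replace(tmp, out_path)            # readers never see a partial file
    return stale

if __name__ == "__main__":               # usage: script HOSTNAMES_FILE OUT_FILE
    with open(sys.argv[1]) as fh:
        names = fh.read().split()
    print("served from cache:", build_whitelist(names, sys.argv[2]))
```

With only IP addresses in the file, the ACL no longer does DNS lookups at SMTP time; the returned list of stale hostnames is worth logging so a long-lived resolution failure (and a possibly outdated whitelisted address) gets noticed.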