I re-sent this as I realized I didn't cc it to the list. Sorry 'bout that, everyone.
On Mon, 14 Oct 2002 16:53:26 -0400 (EDT), you wrote:

>On Mon, 14 Oct 2002, millerbn wrote:
>
>> This indicates to me that the explanation wasn't relevant, since the
>> external or internal dns aren't used - only the host enabled in the
>> email proxy maps/rbl section.
>
>The explanation was relevant because we were discussing specifically how the
>GNATBox SMTP Proxy handles this situation.
>
>The GNATBox SMTP Proxy (current versions) queries the configured DNS
>resolvers, it does not contact the authoritative servers of the RBL zones
>directly.
>

How do the configured DNS resolvers know to contact the rbl zones? Unless it's a stealth slave zone, doesn't seem they would know. I take it the current versions no longer have the section under email proxy for maps/rbl to specify the server to use? That's what is being implied.

>
>> See the above, sounds like a difference between flash and pro. Don't
>> have flash, but pro continues to check for 1.10.10.10.rbl.some.thing on
>> rbl.some.thing every time 10.10.10.1 sends an email. If it were cached,
>
>Right. The GNATBox makes a request every time a connection is attempted
>to the recursive server. (more than one request if you have multiple RBLs
>configured.) It is the responsibility of the recursive server to cache or
>not.
>

Here you imply that there is still a section under email proxy for maps/rbl but this doesn't jive unless you are paying to be a stealth slave zone with MAPS or other services that offer this. Since it would ask the server(s) configured in that section not the external or internal dns. Dnsbl maps type systems and domain name lookups are separate.

>
>> Not to sound argumentative/snide, but I know that a 'full caching
>> recursive resolver just to do RBL lookups' was not added to sendmail.
>> Before it was added to M4 it took less than 10 lines of code.
>
>True. The sendmail RBL hack used the local system's resolver libraries to
>do the RBL lookups. In most cases, that means that it used the DNS
>servers listed in /etc/resolv.conf. We were discussing the GNATBox SMTP
>proxy, though, not sendmail.
>

Ahem... If it did look in /etc/resolv.conf then there would be no need for this line in sendmail v8.8

    R$-.$-.$-.$- $(host $4.$3.$2.$1.blackholes.mail-abuse.org. $:OK $)

or under M4 compatible versions

    FEATURE(dnsbl, `blackholes.mail-abuse.org', `Mail refused')dnl

Unless current versions of gbflash or gnatbox no longer have a maps/rbl section under email proxy then my reference to sendmail is very relevant. Setting the external/internal dns servers is akin to /etc/resolv.conf and enabling hosts under the maps/rbl section is akin to the sendmail settings above.

>> What different authoritative name server? It's running as is on one now,
>> with no changes other than proper domains and full soa.
>
>Examples of other authoritative name servers:
>
>tinydns, rbldns (a variation of tinydns), whatever Microsoft calls their
>DNS server, maradns, dents, mydns to name a few. None of these (to my
>knowledge..I haven't tried them all) use BIND style zone files.
>
>
>For those of you who wish to run DIY RBLs, you may want to look into
>rbldns. (disclaimer! This is a personal suggestion. :)
>
>http://cr.yp.to/djbdns/rbldns.html
>
>It was written specifically to be an authoritative RBL DNS server.
>
>....david
>

Ok, didn't realize that you were writing about other programs. Now that comment makes sense. I still prefer Bind4 but this is an opinion, nothing more.

Since we are on the topic of caching/lookups and maps, according to mail-abuse.org

"In no case ought you cache the results of a MAPS RBLSM lookup, since a blackholed host can right itself and be removed in a matter of seconds."

Also, direct usage via DNS with a mail transfer agent (either sendmail or another, which the smtp proxy qualifies as) and subscription via DNS are separate.

"stealth slave status. This is almost like a normal DNS slave service relationship, except that these servers will not be listed in the NS RRset of the zone, so they will never be targets of third party MAPS RBLSM (DNS) queries. In order to cause such servers to be queried by your mail relays, you must configure the recursive name servers listed in your resolv.conf files as zone slaves. (It is normally a bad idea to mix authoritative and nonauthoritative data in the same name server, but this is a specified exception to that rule.)"

For those that are interested the quotes came from http://mail-abuse.org/rbl/usage.html

>
>---
>David Raistrick
> Systems Administrator - Global Technology Associates, Inc
> [EMAIL PROTECTED]
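Added example (not part of the original message, and not GNATBox or sendmail code): a sketch of the lookup the thread is arguing about, in which the zone name from the maps/rbl setting only forms the query name while the query itself goes to whatever recursive servers the local stub resolver is configured with. The function names, the second zone rbl2.example, the in-memory zone data and the 127.0.0.0/8 "listed" answer convention are assumptions of this example.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.IPv4Network("127.0.0.0/8")  # conventional DNSBL answer range (assumed)

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone: 10.10.10.1 -> 1.10.10.10.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # ValueError on bad input
    return ".".join(reversed(octets)) + "." + zone.strip(".")

def system_resolver(name):
    """Ask the OS stub resolver, i.e. the recursive servers in /etc/resolv.conf."""
    return socket.gethostbyname(name)

def check_dnsbls(ip, zones, resolve=system_resolver):
    """Send one query per configured zone; return {zone: answer or None}."""
    results = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_query_name(ip, zone))
        except OSError:
            # NXDOMAIN and resolver failure look the same here: treated as not listed.
            results[zone] = None
            continue
        listed = ipaddress.IPv4Address(answer) in LISTED_NET
        results[zone] = answer if listed else None
    return results

# Constructed data standing in for a recursive server, so the example runs offline.
CONSTRUCTED_ZONE = {"1.10.10.10.rbl.some.thing": "127.0.0.2"}
QUERIES = []  # every name the client asked for, in order

def fake_resolve(name):
    QUERIES.append(name)
    if name not in CONSTRUCTED_ZONE:
        raise socket.gaierror(socket.EAI_NONAME, "constructed NXDOMAIN")
    return CONSTRUCTED_ZONE[name]

if __name__ == "__main__":
    print(check_dnsbls("10.10.10.1", ["rbl.some.thing", "rbl2.example"], fake_resolve))
    print(QUERIES)
```

The client keeps no state between calls, so whether a repeated lookup is answered from cache is decided entirely by the recursive server behind `resolve`.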
