Re: [courier-users] monitoring prgram times out
SZÉPE Viktor writes:

> Thank you again!
>
> Running bind is too expensive for me.
> I usually use the caching DNS resolver in the given datacenter plus µnscd
> https://busybox.net/~vda/unscd/
> which does local caching for Name Service - which Courier apparently
> is not using.
>
>> if (nodnslookup || getenv("NODNSLOOKUP")) return;
>
> Is there a non-zero chance to get this into the next release?

Yes; I just have to test this myself.

courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] monitoring prgram times out
Quoting Sam Varshavchik:

> SZÉPE Viktor writes:
>
>> Thank you for your support!
>>
>> -nodnslookup is the solution for satellite type server which delivers
>> messages through one smarthost.
>>
>> What should I do on normal (tcp/25,587,465 are open to the internet)
>> mail server where DNS lookup is necessary? Is there a way to exclude
>> localhost from DNS lookup on the initial (pre-EHLO) connection?
>
> Looking at the code there does not appear to be a way to select
> -nodnslookup based on the connecting IP address.
>
> There is a facility for selectively setting environment variables
> based on the connecting IP address, the smtpaccess list (see
> makesmtpaccess). But, currently nodnslookup just looks only at the
> parameter.
>
> In tcpd.c, you can try changing
>
>     if (nodnslookup) return;
>
> to something like
>
>     if (nodnslookup || getenv("NODNSLOOKUP")) return;
>
> and then put
>
>     127.0.0.1	allow,NODNSLOOKUP=1
>
> into the smtpaccess file.
>
> But why don't you just run bind locally, and have it handle DNS
> resolution for local zones. You can have it listen only on local IP
> addresses, and thusly inaccessible from the Internet, and then get
> some benefits of a local DNS lookup cache.

Thank you again!

Running bind is too expensive for me.
I usually use the caching DNS resolver in the given datacenter plus µnscd
https://busybox.net/~vda/unscd/
which does local caching for Name Service - which Courier apparently
is not using.

> if (nodnslookup || getenv("NODNSLOOKUP")) return;

Is there a non-zero chance to get this into the next release?

SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
--
+36-20-4242498 s...@szepe.net skype: szepe.viktor
Budapest, III. kerület
Re: [courier-users] monitoring prgram times out
SZÉPE Viktor writes:

> Thank you for your support!
>
> -nodnslookup is the solution for satellite type server which delivers
> messages through one smarthost.
>
> What should I do on normal (tcp/25,587,465 are open to the internet)
> mail server where DNS lookup is necessary? Is there a way to exclude
> localhost from DNS lookup on the initial (pre-EHLO) connection?

Looking at the code there does not appear to be a way to select
-nodnslookup based on the connecting IP address.

There is a facility for selectively setting environment variables
based on the connecting IP address, the smtpaccess list (see
makesmtpaccess). But, currently nodnslookup just looks only at the
parameter.

In tcpd.c, you can try changing

    if (nodnslookup) return;

to something like

    if (nodnslookup || getenv("NODNSLOOKUP")) return;

and then put

    127.0.0.1	allow,NODNSLOOKUP=1

into the smtpaccess file.

But why don't you just run bind locally, and have it handle DNS
resolution for local zones. You can have it listen only on local IP
addresses, and thusly inaccessible from the Internet, and then get
some benefits of a local DNS lookup cache.
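A simplified model of the change suggested in the message above, as an added example that is not part of the thread or of Courier's source: `apply_access_entry` and `skips_for` are hypothetical helpers and the access entries are constructed. It shows that the proposed check only tests whether the variable exists, so an entry with `NODNSLOOKUP=0` skips the lookup as well.

```c
#define _POSIX_C_SOURCE 200112L /* setenv, unsetenv */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Apply one smtpaccess-style entry ("<ip-prefix>\tallow,VAR=val,...") when its
 * prefix matches the client address; returns 1 on a match. Simplified model:
 * the real couriertcpd reads a compiled access database instead. */
static int apply_access_entry(const char *entry, const char *client_ip)
{
    const char *tab = strchr(entry, '\t');
    char buf[256], *tok;
    size_t plen;

    if (!tab) return 0;
    plen = (size_t)(tab - entry);
    if (strncmp(entry, client_ip, plen) != 0) return 0;
    /* match whole octets only: "127.0.0.1" must not cover "127.0.0.10" */
    if (client_ip[plen] != '\0' && client_ip[plen] != '.') return 0;
    snprintf(buf, sizeof buf, "%s", tab + 1);
    for (tok = strtok(buf, ","); tok; tok = strtok(NULL, ",")) {
        char *eq = strchr(tok, '=');
        if (!eq) continue;              /* the allow/deny keyword */
        *eq = '\0';
        setenv(tok, eq + 1, 1);         /* export VAR=val for this connection */
    }
    return 1;
}

/* The check as proposed in the thread: any value, even "0", counts as set. */
static int skip_dns_lookup(int nodnslookup)
{
    return nodnslookup || getenv("NODNSLOOKUP") != NULL;
}

/* Run one constructed connection through the model with a clean variable. */
static int skips_for(const char *entry, const char *client_ip, int flag)
{
    unsetenv("NODNSLOOKUP");
    apply_access_entry(entry, client_ip);
    return skip_dns_lookup(flag);
}

int main(void)
{
    const char *entry = "127.0.0.1\tallow,NODNSLOOKUP=1"; /* constructed */
    printf("127.0.0.1     skip=%d\n", skips_for(entry, "127.0.0.1", 0));
    printf("203.0.113.7   skip=%d\n", skips_for(entry, "203.0.113.7", 0));
    printf("NODNSLOOKUP=0 skip=%d\n",
           skips_for("127.0.0.1\tallow,NODNSLOOKUP=0", "127.0.0.1", 0));
    return 0;
}
```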
Re: [courier-users] monitoring prgram times out
Quoting Sam Varshavchik:

> SZÉPE Viktor writes:
>
>> 2) Is it possible for Courier to skip DNS lookups for "localhost"?
>>
>> I wonder why Courier is not using gethostbyname().
>> /etc/hosts contains:
>> 127.0.0.1 localhost.localdomain localhost
>
> gethostbyname/gethostbyaddr can only look up A addresses. Courier
> needs MX records, and so needs to use its own resolver; and with its
> own DNS resolver code already in place, it makes no sense to use
> different resolvers.
>
> There are several options in the esmtpd config file that control DNS
> lookups on incoming connections:
>
> BOFHCHECKDNS; and TCPDOPTS passes through the options to
> couriertcpd, such as -nodnslookup.

Thank you for your support!

-nodnslookup is the solution for satellite type server which delivers
messages through one smarthost.

What should I do on normal (tcp/25,587,465 are open to the internet)
mail server where DNS lookup is necessary? Is there a way to exclude
localhost from DNS lookup on the initial (pre-EHLO) connection?

SZÉPE Viktor
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
--
+36-20-4242498 s...@szepe.net skype: szepe.viktor
Budapest, III. kerület
Re: [courier-users] monitoring prgram times out
SZÉPE Viktor writes:

> 2) Is it possible for Courier to skip DNS lookups for "localhost"?
>
> I wonder why Courier is not using gethostbyname().
> /etc/hosts contains:
> 127.0.0.1 localhost.localdomain localhost

gethostbyname/gethostbyaddr can only look up A addresses. Courier
needs MX records, and so needs to use its own resolver; and with its
own DNS resolver code already in place, it makes no sense to use
different resolvers.

There are several options in the esmtpd config file that control DNS
lookups on incoming connections:

BOFHCHECKDNS; and TCPDOPTS passes through the options to
couriertcpd, such as -nodnslookup.