On Wed, Jun 10, 2015 at 7:25 AM, Reindl Harald <h.rei...@thelounge.net> wrote:
>
> On 10.06.2015 at 13:21, Kevin A. McGrail wrote:
>>
>> On 6/10/2015 12:45 AM, Michael B Allen wrote:
>>>
>>> But I just can't
>>> bring myself to install a caching DNS server and run everything
>>> through localhost. This is why software should be librarified.
>>
>> I strongly advise you to install a caching DNS server and use a few RBLs
>
> +1
>
> I can't understand "I just can't bring myself to install a caching DNS
> server and run everything through localhost" because that is the way to go
> to avoid exceeding RBL limits and bad resolvers
>
> "This is why software should be librarified" is nonsense in that context -
> the library also needs to ask a DNS server at the end of the day and the
> server needs to be 100% trustable when it comes to email
>
> given that installing unbound as a local resolver takes 2 minutes it's not
> even worth arguing on that topic, and a spam filter without RBLs and URIBLs
> is just nonsense

I have installed a caching DNS server before (albeit probably about 15 years ago). But it just shouldn't be necessary.

By "librarified" I mean the DNS "server" is just a code context that can be constructed with its own config precisely and only as needed by the software that will be querying it (possibly temporarily if it's just client-only activity like a barrage of DNS queries fired in reaction to an email that fails other spam tests). It should not be necessary to change the resolver configuration or behavior of the entire system and everything running on it if only one component in the system needs this special feature (in this case a query limit and private cache). That is just bad programming philosophy and it is the source of a lot of bad behavior in software (and DNS is a very good example of this actually).

Not everyone is running a dedicated mail server. My server is an everything-server running on a hosted VPS that only has a few "users" that get significant amounts of email. I'm not sure I want another daemon that can break or take up clock cycles and memory on a system processing 10 spams / hour (of which the DNSBL service might catch 2?). At least not yet, but I suppose I could change my mind. At the moment not that many spams are getting through.

Mike
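
The "query limit and private cache" held inside one component, as the message above describes it, written out as an added example (not code from any poster in this thread or from any spam filter). The class name, the injected resolve callable and the zone dnsbl.example are hypothetical, the resolver data is constructed so the block runs offline, and the upstream DNS server that resolve would call still has to be one you trust.

```python
import ipaddress
import time


class DnsblContext:
    """Per-component DNSBL client with its own cache and upstream query budget."""

    def __init__(self, resolve, zones, max_queries, ttl=300.0, clock=time.monotonic):
        self._resolve = resolve          # callable(name) -> list of A records, [] on NXDOMAIN
        self._zones = list(zones)
        self._remaining = max_queries    # upstream queries this context may still send
        self._ttl = ttl
        self._clock = clock
        self._cache = {}                 # query name -> (expiry, answers)

    @staticmethod
    def query_name(ip, zone):
        # DNSBL convention: reversed IPv4 octets prepended to the list's zone.
        octets = str(ipaddress.IPv4Address(ip)).split(".")
        return ".".join(reversed(octets)) + "." + zone

    def _answers(self, name):
        hit = self._cache.get(name)
        if hit and hit[0] > self._clock():
            return hit[1]
        if self._remaining <= 0:
            return None                  # budget spent: report "unknown", send nothing
        self._remaining -= 1
        answers = list(self._resolve(name))
        self._cache[name] = (self._clock() + self._ttl, answers)  # negatives cached too
        return answers

    def check(self, ip):
        """Map each zone to True (listed), False (not listed) or None (not asked)."""
        result = {}
        for zone in self._zones:
            answers = self._answers(self.query_name(ip, zone))
            result[zone] = None if answers is None else any(
                a.startswith("127.") for a in answers)
        return result


# Constructed stand-in for a real resolver so the example runs offline.
FAKE_ZONE_DATA = {"2.2.0.192.dnsbl.example": ["127.0.0.2"]}
SENT = []                                # every name that reached "upstream"

def fake_resolve(name):
    SENT.append(name)
    return FAKE_ZONE_DATA.get(name, [])
```

The budget here covers the lifetime of the context rather than a time window, and a None result leaves the decision to the caller's other spam tests.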