Chapter 9. DNS and sendmail

DNS stands for Domain Name System. A domain is any logical or physical collection of related hosts or sites, such as example.gov or www.example.gov.

What’s New with V8.13

  • The dnsbl feature (7.2.1[3ed]) no longer uses the host database-map type to look up addresses. Instead, it uses the dns database-map type (Section 9.1.1 [V8.13]).

  • The DNSBL_MAP_OPT mc macro (Section 9.1.1 [V8.13]) has been added so that you may tune the database-map flags used with the dnsbl feature.

  • The check_relay rule set (7.1.1[3ed]) is now called with the value of ${client_name} macro (21.9.20[3ed]), allowing it to deal with bogus DNS entries (Section 9.1.2 [V8.13]).

Feature dnsbl Uses dns Database-Map

The dnsbl feature (7.2.1[3ed]) is used to enable the blocking of email from open relay sites, dial-up sites, or known spamming sites. It does so by invoking the RBL technique, which is discussed in 7.2[3ed].

Prior to V8.13, the dnsbl feature employed the host database-map type (23.7.9[3ed]) to look up addresses. Beginning with V8.13, this feature now uses the dns database-map type (23.7.6[3ed]).

The default declaration for the dns database-map for this feature looks like this:

Kdnsbl dns -R A -T<TMP>

If you wish to change the type of the lookup, you may redefine the dns -R A part of the expression:

define(`DNSBL_MAP', `dns -R TXT')
FEATURE(dnsbl, ...)

Here, the DNSBL_MAP redefines the lookup so that it performs TXT record lookups instead of A record lookups. Note that DNSBL_MAP must be defined before this feature is declared for the feature to have any effect.

You may also list additional arguments for the dns database-map used with this feature. Those additional arguments will follow the -T<TMP> part in the declaration and are specified like this:

define(`DNSBL_MAP_OPT', `-d1s')
FEATURE(dnsbl, ...)

Here, -d1s tells sendmail to reduce the res_search() _res.retry interval to one second from the default of five seconds. Note that DNSBL_MAP_OPT must be defined before this feature is declared for the feature to have any effect.

Call check_relay with ${client_name}

Prior to V8.13, the check_relay rule set (7.1.1[3ed]) was called with a workspace that looked like this:

               host $| IPnumber

The host and IPnumber were separated by the $| operator. The host was the fully qualified canonical name of the connecting host. The IPnumber was the IP number of that host in dotted-quad form without surrounding square brackets, or the IPv6 number prefixed with a literal IPv6:. Because both values were obtained by DNS lookups before the rule set was called, a bogus DNS entry could cause them to be misrepresented.

But, beginning with V8.13 sendmail, this problem is solved. The check_relay rule set is now called with a workspace that contains the value of the ${client_name} macro (21.9.20[3ed]), which is assigned its value when a host connects to the listening daemon. This value is the canonical hostname of the connecting host, which is the same as the hostname stored in the $_ macro (21.9.1[3ed]).

If you created your own Local_check_relay rule set that relied on the old-style workspace contents, you will need to redesign that rule set to use the new-style workspace.
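The following .mc fragment is an added example, not from the book or the sendmail distribution: it combines the DNSBL_MAP and DNSBL_MAP_OPT defines from the dnsbl section with a Local_check_relay written for the single-value workspace described above. dnsbl.example.com and dialup.example.com are placeholder zone names, and the fourth FEATURE(dnsbl) argument t is the distribution's own tempfail option.

```m4
dnl Added example for a V8.13 .mc file (not from the book or the sendmail sources).
dnl Both defines must come BEFORE FEATURE(dnsbl) or they have no effect.
define(`DNSBL_MAP', `dns -R TXT')dnl
define(`DNSBL_MAP_OPT', `-d1s')dnl
dnl
dnl Resulting map line in the generated .cf:  Kdnsbl dns -R TXT -T<TMP> -d1s
dnl dnsbl.example.com is a placeholder zone. The third argument is the
dnl rejection text. The fourth argument t turns a failed lookup (the map
dnl returns its result with the <TMP> suffix) into a 451 temporary failure,
dnl so an unreachable DNSBL does not silently let every connection through.
FEATURE(`dnsbl', `dnsbl.example.com', `"550 Mail from " $&{client_addr} " refused, listed at dnsbl.example.com"', `t')dnl
dnl
dnl Local_check_relay for the V8.13 workspace, which now holds only the
dnl ${client_name} value (no "host $| IPnumber" pair), so an old rule such
dnl as "R$* $| $*" would no longer match anything.
dnl dialup.example.com is a placeholder; LHS and RHS are separated by a tab.
LOCAL_RULESETS
SLocal_check_relay
R$*.dialup.example.com	$#error $@ 5.7.1 $: "550 Dial-up hosts may not relay through this server"
```

Run the generated .cf through sendmail -bt with a test client name to confirm the Local_check_relay rule matches before deploying.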
