DNS stands for Domain Name System. A domain is any logical or physical collection of related hosts or sites, such as example.gov or www.example.gov.
The dnsbl feature (7.2.1[3ed]) no longer uses the host database-map type to look up addresses. Instead, it uses the dns database-map type (Section 9.1.1 [V8.13]).
The DNSBL_MAP_OPT mc macro (Section 9.1.1 [V8.13]) has been added so that you may tune the database-map flags used with the dnsbl feature.
The check_relay rule set (7.1.1[3ed]) is now called with the value of the ${client_name} macro (21.9.20[3ed]), allowing it to deal with bogus DNS entries (Section 9.1.2 [V8.13]).
The dnsbl feature (7.2.1[3ed]) is used to enable the blocking of email from open relay sites, dial-up sites, or known spamming sites. It does so by invoking the RBL technique, which is discussed in 7.2[3ed].
Prior to V8.13, the dnsbl feature employed the host database-map type (23.7.9[3ed]) to look up addresses. Beginning with V8.13, this feature now uses the dns database-map type (23.7.6[3ed]).
The default declaration for the dns database-map for this feature looks like this:
Kdnsbl dns -R A -T<TMP>
If you wish to change the type of the lookup, you may redefine the dns -R A part of the expression:
define(`DNSBL_MAP', `dns -R TXT')
FEATURE(dnsbl, ...)
Here, DNSBL_MAP redefines the lookup so that it performs TXT record lookups instead of A record lookups. Note that DNSBL_MAP must be defined before this feature is declared for the definition to have any effect.
You may also list additional arguments for the dns database-map used with this feature. Those additional arguments will follow the -T<TMP> part in the declaration and are specified like this:
define(`DNSBL_MAP_OPT', `-d1s')
FEATURE(dnsbl, ...)
Here, the -d1s tells sendmail to reduce the res_search() _res.retry interval to one second from the default of five seconds. Note that DNSBL_MAP_OPT must be defined before this feature is declared for the definition to have any effect.
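An added example, not from the original text: a small Python lint for the ordering requirement noted above for both DNSBL_MAP and DNSBL_MAP_OPT. The sample mc fragments and the host dnsbl.example.org are constructed, and the function name lint_dnsbl_order is hypothetical.

```python
import re

# m4 quotes around the macro name are optional: define(`DNSBL_MAP', ...)
DEFINE_RE = re.compile(r"define\(\s*`?(DNSBL_MAP(?:_OPT)?)'?\s*,")
# Matches FEATURE(dnsbl, ...) and FEATURE(`dnsbl', ...), but not enhdnsbl.
FEATURE_RE = re.compile(r"FEATURE\(\s*`?dnsbl'?\s*[,)]")

def strip_dnl(line):
    """Drop an m4 dnl comment (from the word dnl to the end of the line)."""
    return re.split(r"\bdnl\b", line, maxsplit=1)[0]

def lint_dnsbl_order(mc_text):
    """Return (line_no, macro) for every DNSBL_MAP or DNSBL_MAP_OPT define
    that appears after the first FEATURE(dnsbl ...) declaration."""
    seen_feature = False
    findings = []
    for line_no, raw in enumerate(mc_text.splitlines(), 1):
        line = strip_dnl(raw)
        if not seen_feature:
            m = FEATURE_RE.search(line)
            if m is None:
                continue  # defines before the feature are in the right place
            seen_feature = True
            line = line[m.end():]  # only text after the declaration is late
        findings.extend((line_no, d.group(1)) for d in DEFINE_RE.finditer(line))
    return findings

# Constructed sample input: defines precede the feature, so nothing is flagged.
GOOD_MC = """\
define(`DNSBL_MAP', `dns -R TXT')dnl
define(`DNSBL_MAP_OPT', `-d1s')dnl
FEATURE(`dnsbl', `dnsbl.example.org')dnl
"""

# Constructed sample input: the live define on line 3 comes too late.
BAD_MC = """\
FEATURE(`dnsbl', `dnsbl.example.org')dnl
dnl define(`DNSBL_MAP', `dns -R A') is commented out and ignored
define(`DNSBL_MAP_OPT', `-d1s')dnl
"""

if __name__ == "__main__":
    for name, text in (("good", GOOD_MC), ("bad", BAD_MC)):
        print(name, lint_dnsbl_order(text))
```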
Prior to V8.13, the check_relay rule set (7.1.1[3ed]) was called with a workspace that looked like this:
host $| IPnumber
The host and IPnumber were separated by the $| operator. The host was the fully qualified canonical name of the connecting host. The IPnumber was the IP number of that host in dotted-quad form without surrounding square brackets, or the IPv6 number prefixed with a literal "IPv6:". Because these values were looked up with DNS before the rule set was called, there was a possibility that those values could be falsely represented.
But, beginning with V8.13 sendmail, this problem is solved. The check_relay rule set is now called with a workspace that contains the value of the ${client_name} macro (21.9.20[3ed]), which is assigned its value when a host connects to the listening daemon. This value is the canonical hostname of the connecting host, which is the same as the hostname stored in the $_ macro (21.9.1[3ed]).
If you created your own Local_check_relay rule set that relied on the old-style workspace contents, you will need to redesign that rule set to use the new-style workspace.