If an -R value other than those in Table 23-11 is specified, the following two errors are printed and logged. If the -R switch is omitted, only the second error is printed and logged:

    configfile: line num: dns map lookup: wrong type bad -R value
    configfile: line num: dns map lookup: missing -R type

To make this dns database-map type more useful, the switches shown in Table 23-12 are also available for your use.
One possible use for this dns database map might be to do a reverse lookup of a connecting host's address and to defer the message if that address does not resolve.[10] Consider the following mc configuration, for example:

    LOCAL_CONFIG
    # dns-type map for PTR lookups; a successful lookup gets .FOUND appended
    Krlookup dns -RPTR -a.FOUND -d5s -r2

    LOCAL_RULESETS
    SLocal_check_relay
    # the LHS and RHS of each rule are separated by tabs
    R $*			$: $&{client_addr}
    R IPv6: $*		$# OK
    R $+.$+.$+.$+		$: $(rlookup $4.$3.$2.$1.in-addr.arpa. $)
    R $* . FOUND		$# OK
    R $*			$#error $@ 4.1.8 $: "450 cannot resolve " $&{client_addr}

Here, under the LOCAL_CONFIG, we declare a dns-type database called rlookup. The -RPTR specifies that we will be looking up PTR (address) records. The -a.FOUND instructs sendmail to append a literal .FOUND to the value returned by a successful lookup. Finally, the -d5s and -r2 switches prevent the lookup from hanging for too long an interval.

The actual rules are under the LOCAL_RULESETS section of your mc configuration file. We place the rules under the Local_check_relay rule set (Section 7.1.1), which is used to screen incoming network connections and accept or reject them based on the hostname, domain, or IP number.

The first rule matches everything and simply copies the value of the ${client_addr} macro into the workspace. That macro contains the connecting host's IP number.

The second rule checks to see if the IP address is an IPv6 address (the IPv6: prefix), and if so, accepts the address (the $#OK).

If the address is a normal dotted-quad, IPv4-style address (such as 123.45.67.8), the third rule finds it in the workspace. An IPv4 address is looked up in the RHS of the third rule using the rlookup database. The key point here is that an address has to look like a hostname, so we reverse it and add a literal .in-addr.arpa. suffix to it. For example, 123.45.67.8 would look up as 8.67.45.123.in-addr.arpa.

The fourth rule detects the result of the lookup. If the workspace ends in a literal .FOUND, the lookup was successful and the rule set returns a $#OK, which means that the message is acceptable.

The last rule handles any lookup failure (including temporary failures). The envelope sender is rejected with a temporary error, thus causing the sending site to retain the message in its queue.
If the IP address can be looked up in the future, no harm is done. Otherwise, the message will eventually bounce.

The value returned by the dns-type database map is always a single item. If a host has multiple MX, A, or AAAA records, a successful lookup will return only one such record. In the case of MX records, only a lowest-cost (most preferred) record will be returned.

This dns-type database map can be used only if sendmail was built with the NAMED_BIND and DNSMAP compile-time macros defined (which they are by default).

This dns-type database map is used primarily by the dnsbl (Section 7.2) and enhdnsbl (Section 7.2.2) features. Both of these features use the -RA and -T<TMP> switches. The enhdnsbl feature also uses the -r5 and -a. switches. These switches can be overridden for the dnsbl feature using the DNSBL_MAP_OPT mc configuration macro. For the enhdnsbl feature, only the timeout for -r can be changed using the EDNSBL_TO mc configuration macro.
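
The decision path of the Local_check_relay rules shown earlier, modelled in Python so it can be traced offline before the rule set is deployed. This is an added example, not code from the book or from sendmail. The PTR table, the function names, and the OK/TEMPFAIL labels are assumptions made for the illustration; the model relies on a map lookup with no $: default handing the key back unchanged on a miss, which is why the -a.FOUND suffix is needed to recognize a hit.

```python
import ipaddress

# Constructed PTR data for the demo (documentation address range, not real hosts).
SAMPLE_PTR = {
    "10.2.0.192.in-addr.arpa.": "mail.example.com",
}


def ptr_key(ipv4):
    """Reverse a dotted quad into the name that the third rule looks up."""
    octets = str(ipaddress.IPv4Address(ipv4)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def rlookup(key, ptr_table):
    """Model of $(rlookup key $) with -a.FOUND: a hit returns the value
    with .FOUND appended, a miss returns the key unchanged."""
    value = ptr_table.get(key)
    return key if value is None else value + ".FOUND"


def local_check_relay(client_addr, ptr_table=SAMPLE_PTR):
    """Walk the five rules in order and return (disposition, detail)."""
    reject = ("TEMPFAIL", "450 cannot resolve " + client_addr)
    workspace = client_addr                    # rule 1: $&{client_addr}
    if workspace.startswith("IPv6:"):          # rule 2: accepted with no lookup
        return ("OK", "IPv6 client, PTR not checked")
    try:
        key = ptr_key(workspace)               # rule 3 LHS: $+.$+.$+.$+
    except ipaddress.AddressValueError:
        return reject                          # not a dotted quad: falls to rule 5
    workspace = rlookup(key, ptr_table)        # rule 3 RHS
    if workspace.endswith(".FOUND"):           # rule 4: $* . FOUND
        return ("OK", workspace)
    return reject                              # rule 5: any lookup failure


if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.99", "IPv6:2001:db8::1"):
        print(addr, "->", local_check_relay(addr))
```

Note what the trace makes visible: every IPv6 client is accepted by the second rule without any PTR check, so the deferral applies to IPv4 connections only.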