[Mimedefang] OT: RBL checking in Sendmail

Jan-Pieter Cornet johnpc at xs4all.nl
Fri Dec 15 18:08:39 EST 2006


On Fri, Dec 15, 2006 at 02:50:32PM -0600, Richard Laager wrote:
> Currently, we check a couple of RBLs right away in filter_sender(). I've
> been thinking that it'd be nice to move those checks from MIMEDefang
> into Sendmail, for the following two reasons:
> 
> 1) If the message ends up being blocked, we avoid a milter call and all
> of MIMEDefang's setup overhead.

Setup overhead? There hardly is any, if you already have mimedefang
running.

> 2) If the message is not blocked, we save some time by having a Sendmail
> child waiting on the DNS query instead of a MIMEDefang child. The amount
> of time here may be so small as to be irrelevant, though.

It's going to be WAAAAAY longer than the "setup" time you worry about
above, by the way, but still on the order of <50ms average probably.
I don't really understand why you "save time", though. Sendmail isn't
getting a faster response from the DNS server than mimedefang is.

You might save some memory that way, true... but that's normally only
an issue when you start to spend several seconds in the mimedefang
code.

[...]
> Ideally, I just want to call the RBL from Sendmail at the MAIL command
> stage, before milters are called. Does anyone know how to do that? It
> seems I need to add something to do the call from Local_check_mail if
> and only if the sender is not local or authenticated.

It can be done.

Note, by the way, that you really want to test this at RCPT To time,
so you can exempt addresses like abuse@ and postmaster@ from the DNS
blacklists, so users who are incorrectly placed on those blacklists
can still contact you.

And you can even cache those lookups, from within sendmail.cf rules,
if you like, to prevent duplicate lookups due to multiple recipients.

I know - because I tried, at one point in the past, and succeeded. After
getting a splitting headache for wrapping my head around the terribly
arcane sendmail.cf ruleset language, and having to implement some basic
building blocks in that language -- like hash lookups.

I quickly junked that attempt and implemented it all in nice, clean
perl in MIMEDefang, where it's a breeze to code in any exception you
like, and where you can just build yourself a comfortable environment.


So -- to summarize -- save yourself a heap of trouble, and do not
try to squeeze out a few microseconds of optimization for a complex
monstrosity that is very hard to produce, impossible to maintain,
and will likely remain buggy in unforeseen ways (like - there are
all sorts of sendmail compiled-in limits that you run into if you
really push the borders of the cf language).

-- 
Jan-Pieter Cornet <johnpc at xs4all.nl>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!! archive this message indefinitely to allow verification of the logs.  !!
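
The RCPT-time approach described in the reply above, sketched in Perl as an added example (not code from the original post or from MIMEDefang): role addresses are exempted and the DNSBL verdict is cached so several recipients cost one lookup. The zone name, TTL, relay address and the stubbed lookup are constructed assumptions; inside a real mimedefang-filter the hook would call MIMEDefang's `relay_is_blacklisted($ip, $zone)`.

```perl
use strict;
use warnings;

# Constructed sample values: the zone and the "listed" relay are placeholders.
my @ZONES  = ('dnsbl.example.org');
my %EXEMPT = map { $_ => 1 } qw(abuse postmaster);  # local parts named in the post
my $TTL    = 300;   # seconds a cached verdict is reused (assumed value)
my %cache;          # "ip/zone" => [expiry, answer]; per-process, so best effort

# Lookup hook. In mimedefang-filter this would be relay_is_blacklisted($ip, $zone);
# here a stub answers offline: one constructed relay is "listed".
our $lookup = sub {
    my ($ip, $zone) = @_;
    return $ip eq '192.0.2.99' ? '127.0.0.2' : 0;
};
our $lookups = 0;   # counts uncached queries, to show the cache working

# Return the first zone listing $ip, or nothing. Verdicts are cached per ip/zone.
sub rbl_hit {
    my ($ip) = @_;
    for my $zone (@ZONES) {
        my $key = "$ip/$zone";
        my $ent = $cache{$key};
        unless ($ent && $ent->[0] > time) {
            $lookups++;
            $ent = $cache{$key} = [ time + $TTL, $lookup->($ip, $zone) ];
        }
        return $zone if $ent->[1];
    }
    return;
}

# Same argument order and return convention as MIMEDefang's filter_recipient.
sub filter_recipient {
    my ($recipient, $sender, $ip, $hostname, $first, $helo) = @_;
    (my $addr = lc $recipient) =~ s/^<|>$//g;
    my ($local) = $addr =~ /^([^@]*)/;
    # Exempt role addresses so wrongly listed senders can still reach us.
    return ('CONTINUE', 'ok') if $EXEMPT{$local};
    my $zone = rbl_hit($ip) or return ('CONTINUE', 'ok');
    return ('REJECT', "Relay $ip is listed in $zone");
}

# Demo with constructed input: three recipients on one connection.
unless (caller) {
    for my $rcpt ('<Postmaster@example.com>', '<alice@example.com>', '<bob@example.com>') {
        my ($code, $msg) = filter_recipient($rcpt, '<x@example.net>', '192.0.2.99');
        print "$rcpt: $code ($msg)\n";
    }
    print "DNSBL queries issued: $lookups\n";
}
```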
