Milter-greylist

Benoit Branciard wrote:
> 
> 
> Matt Kettler a \ufffdcrit :
>  > Bob Smith wrote:
>  >> manu@... <mailto:manu%40netbsd.org> wrote:
>  >>> Bob Smith <bsmith@... <mailto:bsmith%40sudleyplace.com> 
> <mailto:bsmith%40sudleyplace.com>> wrote:
>  >>>
>  >>> > Sorry, but I must be really thick. How is that Sendmail does a lookup
>  >>> > on the DNS entry for (say) foo.dynip.com when that text never 
> appears in
>  >>> > the email?
>  >>>
>  >>> sendmail perform a DNS lookup on the IP address of the incoming SMTP
>  >>> connexion (a la getpeername(3)).
>  >> That's fine. But I asked who does a DNS lookup on the IP address of
>  >> foo.dynip.com so it can be compared to the IP address of the incoming
>  >> SMTP connection?
>  >>
>  >
>  > Nobody.
>  >
> 
> in milter-greylist 4.0+, you may implement it yourself with an
> "ulrcheck" clause and a small external app which does the foo.dynip.com
> DNS lookup, compares it to the client IP and returns the expected status.
> 
> But depending the load of your server and the technology you use,
> performance may be less than optimal, since you must call it for *every*
> incoming message.

I was thinking of something like

racl whitelist dns foo.dynip.com lookup 3h

to ease the load.  The actual IP address which corresponds to 
foo.dynip.com changes only when my home machine reboots and thus 
acquires another dynamic IP address.  This is uncommon enough that a 
check on every incoming message is way too drastic.

Is this design reasonable, or would you suggest something else?

-- 
_______________________________________________________________
Bob Smith - bsmith@... - http://www.sudleyplace.com