Hello! In the attachment find a patch to qmail-ldap, which makes the rbl-lookup use the dns-resolver library from Dan Bernstein: libdjbdns.

The motivation for this patch is ease of contribution to Open-Relay-Checks: at least http://njabl.org/ provides a mechanism, where users of the Blacklist contribute to automated open-relay testing: The rbl-lookups of the mail server have to come from a specific IP-address, which is registered by Njabl. No other dns-resolution has to be done from this IP-address than those issued by the mail server. Each IP-address which is looked up is then scheduled for open-relay testing by Njabl, if it is not yet in the open-relay database. This way open-relays are detected almost instantly. See the URL of njabl for more details.

To improve the effect in more complex setups (mailserver clusters, etc.) I set up a dnscache (resolver) at a determined IP, and allow several different mail servers to resolve rbl lookups via this dnscache. Now I have to persuade the mail servers to use this determined IP address instead of the standard resolution in /etc/resolv.conf.

The djbdns library has the facility to specify an environment variable DNSCACHEIP, which overrides the default "nameserver ..." directive for name resolution. However, "stock" qmail-ldap, in contrast to stock qmail, uses the standard unix convention for name resolution, so I rewrote the rbl_lookup function in rbl.c to use djbdns.

The djbdns library is in the public domain, and Gerrit Pape has made a binary package available for the Debian distribution of Linux. To use the patch under Debian just apt-get install libdjbdns1 libdjbdns1-dev and apply the patch to a clean qmail-ldap source, i.e. qmail-1.03 + qmail-ldap patch + qmail-ldap-djb patch. If you want to use it in another environment, you'll have to get djbdns from http://cr.yp.to or just the djbdns library from http://smarden.org/pape/djb/manpages/djbdns-pd-1.05.tar.gz and make sure that the include files go under /usr/include/djbdns, dns.h under /usr/include, and the library under /usr/lib.

To redirect rbl-lookups to a specific dns-resolver use tcpserver, here is an example tcp.smtp file:

    127.:allow,RELAYCLIENT="",SANITYCHECK=""
    :allow,SANITYCHECK="",RBL="",DNSCACHEIP="165.98.128.3"

The following are notes about the implementation: I did a quick hack to accomplish what I needed and did not study in depth the code of qmail-ldap. The resolver library used by qmail-ldap seems to use a somewhat inverse approach than libdjbdns with respect to data-structures, so that a complete substitution of name resolution with libdjbdns would need a major rewrite. The patch stinks because the found (four byte) IP address in rblsa is converted each and every time to a string representation: rblip, while it would be desirable to precompile the matchon IP address from the rbllist file (127.0.0.2, .. any) at startup to a binary representation and make a 4 byte comparison with rblsa. "any" could be represented by "0.0.0.0".

Best Regards,
Jorge-León

qmail-ldap-djb.patch.gz
Description: Binary data
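
The improvement suggested in the implementation notes above (compile the matchon field once, then compare four bytes against rblsa) could look like the following. This is an added example, not code from the attached patch or from qmail-ldap; the function names matchon_compile and matchon_hit are hypothetical, and it assumes the comparison is only reached after the RBL query returned an A record.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers, not taken from qmail-ldap's rbl.c. */

/* Parse a matchon field ("127.0.0.2" or "any") into 4 bytes, once at
   startup. "any" is stored as 0.0.0.0, as proposed in the message.
   Returns 1 on success, 0 on a malformed field. */
int matchon_compile(const char *s, unsigned char out[4])
{
  unsigned int v;
  int i, digits;

  if (strcmp(s, "any") == 0) { memset(out, 0, 4); return 1; }
  for (i = 0; i < 4; i++) {
    v = 0; digits = 0;
    while (*s >= '0' && *s <= '9' && digits < 3) {
      v = v * 10 + (unsigned int)(*s++ - '0');
      digits++;
    }
    if (digits == 0 || v > 255) return 0;   /* empty or out-of-range octet */
    out[i] = (unsigned char)v;
    if (i < 3) { if (*s != '.') return 0; s++; }
  }
  return *s == '\0';                        /* reject trailing garbage */
}

/* Compare the 4-byte A record (rblsa) with the compiled matchon value.
   Assumption: the caller only gets here when the lookup returned a record,
   so the 0.0.0.0 wildcard means "any answer counts as listed". */
int matchon_hit(const unsigned char rblsa[4], const unsigned char matchon[4])
{
  static const unsigned char any[4] = {0, 0, 0, 0};
  if (memcmp(matchon, any, 4) == 0) return 1;
  return memcmp(rblsa, matchon, 4) == 0;
}

int main(void)
{
  /* Constructed sample data: one A record and two rbllist matchon fields. */
  unsigned char rblsa[4] = {127, 0, 0, 2}, m[4];
  const char *fields[] = {"127.0.0.2", "127.0.0.4", "any", "127.0.0.256"};
  size_t i;

  for (i = 0; i < sizeof fields / sizeof fields[0]; i++) {
    if (!matchon_compile(fields[i], m)) { printf("%s: malformed\n", fields[i]); continue; }
    printf("%s: %s\n", fields[i], matchon_hit(rblsa, m) ? "listed" : "no match");
  }
  return 0;
}
```

Storing "any" as 0.0.0.0 means a literal 0.0.0.0 matchon entry cannot be told apart from the wildcard.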
