[Pkg-exim4-users] More resilient "local_host_whitelist"ing?
Daniel Collis-Puro
dan at endpoint.com
Wed Sep 6 14:13:10 UTC 2006
Exim folks,
We've set up a proxying spam/virus filter via exim-daemon-heavy and all
the usual suspects (spamassassin, clamav, dcc, pyzor, razor, various
rbls) - 'tis a thing of beauty: fast, efficient, accurate and no
backscatter.
Anyway: we'd like to ensure that a set of hosts never get mail rejected
at the exim level by listing them in the default "local_host_whitelist"
config, but we also don't want to do "ad hoc" DNS caching by entering IP
addresses in that file.
THE PROBLEM:
The problem with putting hostnames in that file is that - when a
hostname can't resolve - exim issues a temporary reject to every message
it sees. EVERY message. Until the hostname resolves again.
We've got a caching DNS server in place on this box (helps with RBL
lookups IMMENSELY), but we don't control the DNS for all the domains we
need to whitelist.
THE QUESTION:
Is there an easy way to set up the stanza below (in
conf.d/acl/20_exim4-config_whitelist_local_deny) to "defer" lookups when
a whitelisted hostname can't be resolved, just like you can defer other
lookups?
  accept
    hosts = ${if exists{CONFDIR/local_host_whitelist}\
                 {CONFDIR/local_host_whitelist}\
                 {}}
To me - deferring whitelisted domain lookups would be ideal: we
wouldn't have to stay aware of IP address changes on whitelisted
hostnames, and exim would just continue to process a message when a
whitelisted domain has a DNS hiccup.
If not, then we'll probably just implement a cron job to take our
desired list of hostnames and dump the IP addresses they resolve to into
local_host_whitelist.
Thanks in advance!
-DJCP
--
-**---****-----******-------********---------**********
Daniel Collis-Puro
Software Engineer
End Point Corp.
dan at endpoint.com
(office) 781-477-0885
(cell) 781-775-1338
**********---------********-------******-----****---**-
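
The cron-job fallback described in the message, sketched as an added example (not part of the original post and not Exim or Debian code). It keeps a hostname's last known addresses when a lookup fails, so a DNS hiccup neither empties the whitelist nor leaves an unresolvable name in it. The function names, the `# host:` comment marker and the injectable `resolver` parameter are assumptions made for the example.

```python
import os
import socket
import tempfile

MARK = "# host: "  # assumed comment format recording which hostname owns the IPs below it

def resolve(hostname):
    """Return the sorted IPs for hostname, or None when the lookup fails."""
    try:
        infos = socket.getaddrinfo(hostname, None, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return None
    return sorted({info[4][0] for info in infos}) or None

def load_previous(path):
    """Parse a file written by render() back into {hostname: [ip, ...]}."""
    previous, current = {}, None
    if os.path.exists(path):
        with open(path) as fh:
            for line in (raw.strip() for raw in fh):
                if line.startswith(MARK):
                    current = line[len(MARK):]
                    previous[current] = []
                elif line and not line.startswith("#") and current:
                    previous[current].append(line)
    return previous

def build(hostnames, previous, resolver=resolve):
    """Resolve each name; on failure reuse its last known IPs (stale until DNS recovers)."""
    return {name: resolver(name) or previous.get(name, []) for name in hostnames}

def render(mapping):
    lines = []
    for name, ips in mapping.items():
        lines.append(MARK + name)
        lines.extend(ips)
    return "\n".join(lines) + "\n"

def write_atomic(path, text):
    """Write to a temp file and rename, so Exim never reads a half-written list."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(tmp, 0o644)  # mkstemp creates the file 0600; the list must stay readable
    os.replace(tmp, path)

def refresh(hostnames, path, resolver=resolve):
    mapping = build(hostnames, load_previous(path), resolver)
    write_atomic(path, render(mapping))
    return mapping
```

A cron entry would call `refresh()` with the desired hostnames and the path that CONFDIR/local_host_whitelist expands to. Addresses carried over from an earlier run remain whitelisted until the name resolves again, so the list is only as fresh as the last successful lookup.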