Gary Funck wrote:
> Florian's note says the following:
>
> "For high-traffic environments it is really useful to mirror all used
> *.blackholes.us zones, if possible on a DNS running on the MTA host
> itself. The amount of DNS lookups per email is quite high, but most
> spammers spamvertise the same IP quite often, and *.blackholes.us uses
> long TTL values."
>
> Two questions:
>
> 1) What level of e-mail messages would be considered "high volume".

That is an open-ended question. It will mean different things to
different people. Let me suggest that whatever runs your servers or
network at 50% or more of your capacity would be high volume for you.
If you are not seeing a constant CPU load average due to mail then you
are not running at high capacity. For some people that will be a single
Pentium and for others that will be a rack of dual Alphas. This is
really a question that only you can answer.

> 2) How does one set up a mirror using named/Bind?

First you would need to make sure you have access permission on the
server to mirror their zone. Transferring zone data can be taxing on
servers. If everyone in the world pulled from them then the effect is
the same as being slashdotted. Therefore typically DNS servers will
restrict which machines can do zone transfers. So unless it is an open
server even if you set up a slave it won't work because the master will
block it for security reasons. But if it is then the following will do
it.

<drifting way offtopic>

In your bind configuration file (/etc/bind/named.conf on my machine)
add the following zone statement. This names the zone, specifies it as
a slave, says where to get the data from and what filename to use to
store the data in locally.

    options {
            directory "/var/cache/bind";
    [...]

    zone "example.com" {
            type slave;
            masters { 192.0.34.166; };  // example.com
            file "db.example.com";
    };

It is typical to keep your master copies of the zone files in
/etc/bind. Although you can put them anywhere and many people do.
Revision control is strongly recommended wherever you put them! But you
are talking about slaving. It is typical to keep your slave zones
someplace under /var; /var/cache/bind is common. The data is just a
cache and changes when the zone is changed remotely. This is not really
local configuration and so by today's thinking (FHS) goes under /var,
not /etc like we used to do in the old days.

Remember that slave zones are written by the running named and the
directory needs to be writable by that user id. Also remember that
chrooted daemons root their filesystem in the chroot.

Everything is configurable and many people prefer different
configurations. It is hard to say absolutely that this is the way it is
or should be.

</drifting>

Bob

_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
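
An added example, not part of the original post: a preflight check for the two caveats at the end of the message, that the slave zone directory must be writable by the user named runs as, and that a chrooted named resolves that directory inside its chroot. The account name "bind", the function names and the command-line arguments are assumptions; only classic mode bits are examined.

```python
import os
import stat
import sys

def effective_slave_dir(directory, chroot=None):
    """Real-filesystem path where named writes slave zone files.

    directory: the named.conf `directory` option.
    chroot: the chroot named runs in (its -t argument), or None.
    """
    if chroot:
        # Inside the chroot "/var/cache/bind" is <chroot>/var/cache/bind.
        return os.path.join(chroot, directory.lstrip("/"))
    return directory

def writable_by(path, uid, gids):
    """True if the mode bits let uid/gids create files in path.

    Only owner/group/other bits are checked; ACLs and MAC policy
    (AppArmor, SELinux) are not.
    """
    st = os.stat(path)
    if uid == 0:
        return True
    if st.st_uid == uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif st.st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return st.st_mode & need == need

def check_slave_dir(directory, uid, gids, chroot=None):
    """Return (resolved_path, "ok" | "missing" | "not writable")."""
    path = effective_slave_dir(directory, chroot)
    if not os.path.isdir(path):
        return path, "missing"
    return path, "ok" if writable_by(path, uid, gids) else "not writable"

if __name__ == "__main__":
    import pwd
    # Assumed defaults: account "bind", no chroot; pass others as arguments.
    user = sys.argv[1] if len(sys.argv) > 1 else "bind"
    chroot = sys.argv[2] if len(sys.argv) > 2 else None
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    print(*check_slave_dir("/var/cache/bind", pw.pw_uid, gids, chroot))
```

A "missing" result under a chroot usually means the directory exists only outside the chroot, which is the situation the last caveat in the message describes.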