Re: sender_verify_fixup - doesn't seem to work

Top Page
Delete this message
Reply to this message
Author: Stuart Lynne
Date:  
To: John Henders
CC: exim-users
Subject: Re: sender_verify_fixup - doesn't seem to work
On Dec 17, jhenders@??? (John Henders) wrote:
> >
> > After adding sender_verify and sender_verify_fixup to the configure
> > file, the following message was rejected.
>
> > 154P Received: from ns.web2010.com [208.14.1.1] (nobody)
>
> After doing some more digging (literally) I've found that the problem
> here seems to be in this case attempting to get an MX record for
> ns.web2010.com leads to a timeout for some reason. From the SOA record
> returned for the domain it is probably a database config error. However,
> it would seem to me that if sender_verify_fixup is defined, then it
> might be a more preferable strategy to fall through to it rather than
> defering on the timed out MX lookup on the envelope From line. Is this
> possible? Would it be a good idea?


This domain certainly has DNS problems. We get an improper result trying
to get the MX record for it but we do get a valid and useable response
trying to get an A record.

There are two different "problems" here.

    - if we fail on an MX lookup should we defer immediately or 
      continue trying a DNS lookup for A record.


    - if we have a DNS soft failure for MX (and/or A record depending 
      on how we answer the previous question) should we defer or 
      continue and try to fixup and look at the rest of the headers.


The purist in me say's this is not a good thing to do, but the pragmatist
says it's obvious from the above example that in some cases we will get
a timeout doing an MX lookup when we can get a valid response for an
A record. :-(

Checking an A record after MX soft failure seems to be an easy change.
If the test after the MX dns_lookup was changed then exim would attempt to
look for an A record on MX failure.

>From host.c:


> int
> host_find_bydns(host_item *host, BOOL mx_only, BOOL a_only,
> BOOL qualify_single, BOOL search_parents, char **fully_qualified_name)
> {
> host_item *h, *last;
> dns_record *rr;
> int rc = DNS_FAIL;
> int mx_count, mx_addressed, yield;
>
> /* Set the default fully qualified name to the incoming name, initialize the
> resolver if necessary, and set up the relevant options. */
>
> if (fully_qualified_name != NULL) *fully_qualified_name = host->name;
> dns_init(qualify_single, search_parents);
>
> /* Search the DNS for MX records, possibly via a CNAME. */
>
> if (!a_only)
> {
> rc = dns_lookup(host->name, T_MX, fully_qualified_name);
> if (rc == DNS_FAIL) return HOST_FIND_FAILED;
> if (rc == DNS_AGAIN) return HOST_FIND_AGAIN;

if (rc == DNS_AGAIN && !mx-only) return HOST_FIND_AGAIN;

> }
>
> /* If there were no MX records and mx_only is FALSE, or if a_only is TRUE,
> try for an A record. If we find it (or them) check to see that it isn't
> the local host. */
>
> if (rc != DNS_SUCCEED)
>   {
>   if (!mx_only || a_only)
>     {
>     host_item *next = host->next;
>     last = host;
>     host->mx = -1;
>     rc = dns_set_address(host, fully_qualified_name);

>
>     /* If one or more A records have been found, find the last one and


Modifying smtp to continue on soft failure and do fixup is a bit harder.
(Meaning I looked at the code and it doesn't seem to be a one line fix.)

-- 
Stuart Lynne <sl@???>      604-933-1000      <http://www.poste.com>
PGP Fingerprint: 28 E2 A0 15 99 62 9A 00  88 EC A3 EE 2D 1C 15 68