Re: Unexpected behaviour in sender_host_reject

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MJohn Henders at <-
MRichard Welty at ->
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: John Henders
CC: exim-users
Subject: Re: Unexpected behaviour in sender_host_reject
On Sun, 7 Sep 1997, John Henders wrote:

> However, when I use the following line in configure,,
>
> sender_host_reject = "lsearch;/opt/exim/etc/reject.hosts"
>
> I find 1.70 adds an unexpected feature. If it can't do a reverse lookup
> on the connecting address, it rejects it.
>
> This is unfortunately a bit too strict for me. I've looked through the
> new documentation for 1.70 and I don't see this additional behaviour
> documented, and I also can't find any way to turn it off.

I did do some "bug fixing" in connection with addresses that couldn't be
looked up. The relevant item in the ChangeLog is: 

63. If a host list contains wild cards (other than "*") or if a host name
cannot be looked up in the DNS, an attempt to match the list causes a reverse
lookup of the IP address. If this failed, Exim was previously ignoring the     
relevant item in the list. Now it behaves as if the host does not match in
cases where the list is permissive (e.g. sender_accept_hosts) and as if it does
in cases where the list is prohibitive (e.g. sender_reject_hosts).


> Is this this
> intended behaviour? It seems opposite to the implied intention of only
> rejecting a connection if the reverse matches a host in
> sender_host_reject.

I clearly did intend it at the time, judging from the ChangeLog entry.
John wants it different. Are there another opinions?

This behaviour applies to any rejecting options. If you set up to reject
calls or relaying from certain hosts, without this behaviour the host
can circumvent your block simply by arranging that the reverse DNS
lookup doesn't work. I think that was what was in my mind.

Changing this for sender_host_reject is a trivial patch. Line 787 of
smtp.c contains 

            &sender_host_reject_hosts, TRUE)) == TRUE ||


Just change the first TRUE to FALSE, and failing to look up the host
will behave as if the host is not in the list. 


-- 
Philip Hazel                   University Computing Service,
ph10@???             New Museums Site, Cambridge CB2 3QG,
P.Hazel@???          England.  Phone: +44 1223 334714



--
* This is sent by the exim-users mailing list.  To unsubscribe send a
    mail with subject "unsubscribe" to exim-users-request@???
* Exim information can be found at http://www.exim.org/




This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: Routers injecting item into director chain?System loading.->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)