We think we've found a small bug in exim's host_lookup routines,
specifically those dealing with reverse DNS for a host.

Let's say that we want to run a mail server that does not care if you have
proper reverse DNS. If you include sender_{host,net}_reject lines in your
config file, exim will always reject connections from such hosts, even if
you don't use host_lookup_nets.

If you comment out those lines, exim will allow connections. It seems
that even if a host does not have to use HELO/EHLO, and host_lookup_nets
is off, the process of looking up the host in the reject lists causes the
reverse DNS lookup to be performed. If there isn't reverse, the
connection is closed and an error is logged.

Is this an oversight, or have I missed something essential in our
configuration? We rejected some 65,000 connections in the course of a
week here due to invalid reverse, so we had to turn off reject checking.
This in turn has increased our vulnerability to known spammers. I'd like
to have both features available to me, but the proliferation of hosts
without proper reverse (and the number of them who seem to want to e-mail
our users) doesn't allow it.

Thanks for any advice.
--
j.
James FitzGibbon james@???
System Engineer, ACC Global Net Voice/Fax (416)207-7171/7610