Re: [EXIM] Possible bug in hosts_lookup_nets ?

Top Page
Delete this message
Reply to this message
Author: Elena Blanco
Date:  
To: exim-users
Subject: Re: [EXIM] Possible bug in hosts_lookup_nets ?
James FitzGibbon wrote:

> We think we've found a small bug in exim's host_lookup routines,
> specifically those dealing with reverse DNS for a host.
>
> Let's say that we want to run a mail server that does not care if you have
> proper reverse DNS. If you include sender_{host,net}_reject lines in your
> config file, exim will always reject connections from such hosts, even if
> you don't use host_lookup_nets.
>
> If you comment out those lines, exim will allow connections. It seems
> that even if a host does not have to use HELO/EHLO, and host_lookup_nets
> is off, the process of looking up the host in the reject lists causes the
> reverse DNS lookup to be performed. If there isn't reverse, the
> connection is closed and an error is logged.
>
> Is this an oversight, or have I missed something essential in our
> configuration ? We rejected some 65,000 connections in the course of a
> week here due to invalid reverse, so we had to turn off reject checking.
> This in turn has increased our vulnerability to known spammers. I'd like
> to have both features available to me, but the proliferation of hosts
> without proper reverse (and the number of them who seem to want to e-mail
> our users) doesn't allow it.
>
> Thanks for any advice.
>


I've had exactly the same problem and after huffing and puffing about how others
should fix their reverse entries, I use "+allow_unknown" as an entry in the list
of senders that I want to reject and that does the trick, ie allows connections
where the reverse lookup fails. You can find the precise details of what this
does in the docs.

However, I have found that sender_host_reject is not appropriate for us as it
checks the RFC 1413 ident rather than checking the sender's address as found in
the MAIL FROM so I use sender_reject instead.

(Philip - Does the apparent success of sender_reject alongside sender_net_reject
work for us by coincidence or intent?)

Elena


-------------------------------------------------------------------------------
-  Elena Blanco, Computing Services, University of Oxford
-             13 Banbury Road, Oxford, OX2 6NN, UK
-  Tel: +44 1865 273250      Fax: +44 1865 273275
-  EMail:     elena.blanco@???  



--
*** Exim information can be found at http://www.exim.org/ ***