[Exim] DNSsec records and exim

Author: Michael Richardson
Date:  
To: exim-users
CC: aland
Subject: [Exim] DNSsec records and exim
I have recently (2001/9/12) started to sign my zone, sandelman.ottawa.on.ca.

Mail started getting rejected by various systems, but not all. It appears
that they do not properly process the SMTP From line, and believe it to be
spam. (At the least, I'd rather it returned a 4xx code, as it may just be a
slow DNS.)

My main mail relay is sendmail 8.8.8. My outgoing mail relay is 8.11. (Both NetBSD)

One desktop that spools its owner's email locally works just fine. It runs
stock Debian exim config with 3.12. Trace below.

A co-located box, Netwinder running redhat/arm and exim 3.22 rejects my
email. See second trace below. This box, however, sees my info just fine:

Note that this is not exclusive to exim, but the boxes which I can try
patches on happen to run exim. I have also seen this with Solaris 6 boxes
(but not consistently...)

I have two hypotheses:
  1) bind 8 and/or 9 does something strange in the way it attaches SIG
     records to the reply which confuses some stub resolvers or applications.
     {yes, I have contacted ISC}

  2) some applications (i.e. exim) fail to ignore the SIG record.

Note that my listed DNS servers are bind 8.2.0, but they take data from
a private box running bind 9.2.0rc3.

I have removed the SIG records, restarted exim, restarted named on
the failing box, and removed /var/spool/exim/db/reject, but I get the
same thing still.

Any help would be appreciated.

[root@giles /]# host -a lox.sandelman.ottawa.on.ca
Trying null domain
rcode = 0 (Success), ancount=5
The following answer is not authoritative:
The following answer is not verified as authentic by the server:
lox.sandelman.ottawa.on.ca      915 IN  A       192.139.46.2
lox.sandelman.ottawa.on.ca      915 IN  SIG     A 1 5 7200 1003088669 1000496669 21577 sandelman.ottawa.on.ca XAX6M98UyuiqVZxIKhNmPugDBVhIpNIqeOuiNyAZIh4O+mmp9y/6F+QOtmV8hzyQUXXy4RVurtJFU5mEdODPE73vNkZnKWy0RRHQC6Al35tUnurhmeotUDm+INXRyVTz
lox.sandelman.ottawa.on.ca      7196 IN MX      10 mailhost.sandelman.ottawa.on.ca.sandelman.ottawa.on.ca
lox.sandelman.ottawa.on.ca      7196 IN MX      10 nox6.sandelman.ottawa.on.ca.sandelman.ottawa.on.ca
lox.sandelman.ottawa.on.ca      7196 IN SIG     MX 1 5 7200 1003088669 1000496669 21577 sandelman.ottawa.on.ca fQCKfpBgfrtkVJ4arFYRFKVz2nZ+oT7T79aOGbTPNT3qiFLA/nBLXpkQi40G+C2a0GTFvXSPFfWsQDEgNm0kk++YbuFNcmyoDwGGDiSal+kxkL8pWXj869y9pKwXFCtl


An exim box that likes me. (Note that this box does not run a local DNS server)

lox-[~] mcr 1064 %Mail -v monkey
Subject: hi there

This is a test.

.
EOT
/sandel/users/monkey/.forward: line 1: forwarding to monkey@???
monkey@???... Connecting to cassidy.sandelman.ottawa.on.ca. via esmtp...
220 cassidy.sandelman.ottawa.on.ca ESMTP Exim 3.12 #1 Fri, 14 Sep 2001 19:27:12 -0400
>>> EHLO lox.sandelman.ottawa.on.ca

250-cassidy.sandelman.ottawa.on.ca Hello root at lox.sandelman.ottawa.on.ca [192.139.46.2]
250-SIZE
250-PIPELINING
250 HELP
>>> MAIL From:<mcr@???> SIZE=50

250 <mcr@???> is syntactically correct
>>> RCPT To:<monkey@???>

250 <monkey@???> is syntactically correct
>>> DATA

354 Enter message, ending with "." on a line by itself
>>> .

250 OK id=15i2Ma-0005sJ-00
monkey@???... Sent (OK id=15i2Ma-0005sJ-00)
Closing connection to cassidy.sandelman.ottawa.on.ca.
>>> QUIT

221 cassidy.sandelman.ottawa.on.ca closing connection
You have new mail.

*************
An Exim box that does not like me:
*************

lox-[~] mcr 1063 %Mail -v aland@???
Subject: another test.

THis is another test.

.
EOT
aland@???... Connecting to mail.striker.ottawa.on.ca. via esmtp...
220 giles.striker.ottawa.on.ca ESMTP Exim 3.22 #2 Fri, 14 Sep 2001 18:45:25 -0400
>>> EHLO lox.sandelman.ottawa.on.ca

250-giles.striker.ottawa.on.ca Hello root at lox.sandelman.ottawa.on.ca [192.139.46.2]
250-SIZE
250-PIPELINING
250 HELP
>>> MAIL From:<mcr@???> SIZE=81

250 <mcr@???> is syntactically correct
>>> RCPT To:<aland@???>

250 <aland@???> verified
>>> DATA

354 Enter message, ending with "." on a line by itself
>>> .

550 rejected: cannot route to sender <mcr@???>
aland@???... Service unavailable
/users/mcr/dead.letter... Saved message in /users/mcr/dead.letter
Postmaster... aliased to bagel
bagel... aliased to mcr@???
mcr@???... Connecting to local...
mcr@???... Sent
Closing connection to mail.striker.ottawa.on.ca.
>>> QUIT

221 giles.striker.ottawa.on.ca closing connection
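
Added example, not part of the original message and not Exim's code: hypothesis 2 above concerns an application that fails to ignore SIG records, and this sketch shows an answer-section walk that collects MX targets and steps over every other record type by its RDLENGTH. The reply is constructed to mirror the A, SIG, MX, MX, SIG layout of the host -a output; the example.test names and all function names are assumptions for illustration.

```python
import struct
TYPE_A, TYPE_MX, TYPE_SIG = 1, 15, 24  # SIG is RR type 24 (RFC 2535)

def encode_name(name):  # dotted name -> uncompressed DNS labels
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"

def read_name(msg, off):
    """Return (name, offset after the name), following compression pointers."""
    labels, end = [], None
    for _ in range(256):  # bounded walk, so a pointer loop cannot spin forever
        n = msg[off]
        if n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        if (n & 0xC0) == 0xC0:  # pointer: jump, but remember where the name ended
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("name too long or compression pointer loop")

def mx_hosts(msg):
    """Collect (preference, target) from MX answers; step over all other RRs."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = read_name(msg, off)[1] + 4  # skip QTYPE + QCLASS
    found = []
    for _ in range(ancount):
        off = read_name(msg, off)[1]
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_MX:
            found.append((struct.unpack("!H", msg[off:off + 2])[0], read_name(msg, off + 2)[0]))
        off += rdlen  # SIG and unknown types are skipped by RDLENGTH, never parsed
    return sorted(found)

def rr(owner, rtype, rdata, ttl=7200):  # one resource record, class IN
    return encode_name(owner) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

def sample_response():
    """Constructed reply shaped like the `host -a` output: A, SIG, MX, MX, SIG."""
    owner, mx = "lox.example.test", lambda h: struct.pack("!H", 10) + encode_name(h)
    sig = struct.pack("!HBBIIIH", TYPE_MX, 1, 3, 7200, 0, 0, 21577) + encode_name("example.test") + bytes(96)
    answers = [rr(owner, TYPE_A, bytes([192, 0, 2, 2])), rr(owner, TYPE_SIG, sig),
               rr(owner, TYPE_MX, mx("mailhost.example.test")),
               rr(owner, TYPE_MX, mx("nox6.example.test")), rr(owner, TYPE_SIG, sig)]
    head = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(answers), 0, 0)
    return head + encode_name(owner) + struct.pack("!HH", 255, 1) + b"".join(answers)
```

Calling mx_hosts(sample_response()) returns both MX targets even though SIG records sit before and after them in the answer section.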