[Exim] Lousy error message when verify = header_sender fails

Top Page
Delete this message
Reply to this message
Author: Greg Ward
Date:  
To: bugs
CC: exim-users
Subject: [Exim] Lousy error message when verify = header_sender fails
Philip --

when Exim 4 is configured to do header address verification, and
verification fails because of DNS timeouts, both the SMTP error message
and the log message are rather, umm, terse. Almost useless.

Here's a snippet of my ACL config from such a server:

  acl_smtp_data = check_message
  [...]
  check_message:
    [...]
    deny    !senders = :
            !verify  = header_sender
            message  = no valid sender address in any header line


And here's what I get with a test SMTP session using a domain whose DNS
is currently dead (DNS requests timeout, I think):

$ exim -bh 1.2.3.4
[...]
220 starship.python.net ESMTP Exim 4.10 Thu, 05 Sep 2002 17:48:53 -0400
mail from:<gward@???>
250 OK
rcpt to:<gward@???>
[... ACL processing ...]
250 Accepted
data
354 Enter message, ending with "." on a line by itself
From: <spammer@???>
.
>>> using ACL "check_message"
>>> processing "require"
>>> check verify = header_syntax
>>> require: condition test succeeded
>>> processing "deny"
>>> check !senders = :
>>> python.net in ""? no (end of list)
>>> gward@??? in ":"? no (end of list)
>>> check !verify = header_sender
>>> verifying From: header address <spammer@???>

[...attempt to route spammer@???...]
>>> dnslookup router: defer for spammer@???
>>> message: host lookup did not complete
>>> deny: condition test deferred

451 Temporary local problem - please try later
LOG: 17n4Um-0000fr-00 H=[1.2.3.4] F=<gward@???> temporarily rejected after DATA

It took me several minutes of poking around to determine just what the
"temporary local problem" is -- and in fact, it's not a local problem at
all!

Here's how Exim explains this DNS problem:

$ exim -bt spammer@???
spammer@??? cannot be resolved at this time:
host lookup did not complete

and DJBDNS:

$ dnsmx gigigaga.net
[...~20 sec wait...]
dnsmx: fatal: unable to find MX records for gigigaga.net: temporary failure

and the "host" program from BIND (bind-utils-9.2.1 on a Red Hat Linux
6.2 box):

$ host -t mx gigigaga.net
Host gigigaga.net not found: 2(SERVFAIL)

Presumably one of those makes sense to someone who understands DNS. ;-)

        Greg
--
Greg Ward <gward@???>                         http://www.gerg.ca/
No animals were harmed in transmitting this message.