Re: [Exim] Bug in Exim 3.35 ?

Author: Philip Hazel
Date:  
To: Martin Rode
CC: exim-users
Subject: Re: [Exim] Bug in Exim 3.35 ?
On 17 Feb 2003, Martin Rode wrote:

> to keep a few spam mailers off. But the problem is if Exim cannot
> determine a name for the host because the sending system DNS reverse
> lookup is broken then any host in host_reject_(recipients) causes Exim
> to reject the mail from the unresolved IP.
>
> IMHO this is not the way it should work. host_reject should not have any
> influence on unresolved hosts.
>
> What do you think, where can I post this bug to?


You can post it here, but:

(1) Exim 3 is obsolete; Exim 4 has been out for a year now.

(2) This is not a bug. It is clearly documented in the Exim 3 manual:

------------------------------------------------------------------------------
The remaining items are wildcarded patterns for matching against the host
name. If the host name is not already known, Exim calls "gethostbyaddr()" to
obtain it from the IP address. This typically causes a reverse DNS lookup to
occur. If the lookup fails, Exim takes a hard line by default and access is
not permitted. If the list is an 'accept' list, Exim behaves as if the current
host is not in the set defined by the list, whereas if it is a 'reject' list,
it behaves as if it is.

To change this behaviour, the special item '+allow_unknown' may appear in the
list (at top level - it is not recognized in an indirected file). If any
subsequent items require a host name, and the reverse DNS lookup fails, Exim
permits the access, that is, its behaviour is the opposite to the default. For
example,

host_reject = +allow_unknown:*.enemy.ex

rejects connections from any host whose name matches "*.enemy.ex", but only if
it can find a host name from the incoming IP address. If '+warn_unknown' is
used instead of '+allow_unknown', the effect is the same, except that Exim
writes an entry to its log when it accepts a host whose name it cannot look
up.
------------------------------------------------------------------------------

(3) I (and I think others) would disagree with your view. If you put in
a rule that says "block hosts with this name" and Exim cannot find the
name, I don't think it should let the host connect.

However, thanks for taking the time to report your concern.

Philip


--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
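
The failed-lookup rule from the manual excerpt quoted above, as an added example that is not part of the original message and is not Exim source code. It is a simplified model covering only host-name patterns and the two special items; the function names and the leading-`*` match form are assumptions.

```python
# Simplified model of the manual excerpt above; not Exim source code.
# Only host-name patterns and the two special items are modelled.

def name_matches(pattern, host_name):
    """Assumed wildcard form: a leading '*' matches any prefix."""
    pattern, host_name = pattern.lower(), host_name.lower()
    if pattern.startswith("*"):
        return host_name.endswith(pattern[1:])
    return host_name == pattern

def host_in_list(list_value, host_name, kind, log=None):
    """True if the host is treated as being in the list.

    list_value: colon-separated list, e.g. "+allow_unknown:*.enemy.ex"
    host_name:  reverse-DNS name, or None when the lookup failed
    kind:       "accept" or "reject"
    log:        optional list that collects +warn_unknown entries
    """
    if kind not in ("accept", "reject"):
        raise ValueError("kind must be 'accept' or 'reject'")
    unknown_policy = "deny"  # default: failed lookup means no access
    for item in (i.strip() for i in list_value.split(":")):
        if not item:
            continue
        if item in ("+allow_unknown", "+warn_unknown"):
            unknown_policy = item  # affects subsequent items only
            continue
        if host_name is None:
            if unknown_policy == "deny":
                # Access refused: in a reject list, not in an accept list.
                return kind == "reject"
            if unknown_policy == "+warn_unknown" and log is not None:
                log.append("accepted host with no reverse DNS name")
            # Access permitted: the opposite of the default.
            return kind == "accept"
        if name_matches(item, host_name):
            return True
    return False

def connection_permitted(host_reject, host_name, log=None):
    """Apply a host_reject setting to one incoming connection."""
    return not host_in_list(host_reject, host_name, "reject", log)
```

Passing `None` as `host_name` models the broken reverse lookup from the original report: `connection_permitted("*.enemy.ex", None)` is refused, while the same call with `+allow_unknown:` placed before the pattern is accepted.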