Re: [Exim] dns_again_means_nonexist don't work for verify = …

Author: Justo Alonso
Date:  
To: exim-users, Philip Hazel
CC: exim-users
Subject: Re: [Exim] dns_again_means_nonexist don't work for verify = reverse_host_lookup
On Thursday 30 October 2003 10:45, Philip Hazel wrote:

Hi, attack again... ;))

exim -d+resolver -bh 195.53.251.5
.................
processing "require"
check verify = reverse_host_lookup
looking up host name to force name/address consistency check
looking up host name for 195.53.251.5
IP address lookup failed: h_errno=2
require: condition test deferred
SMTP>> 451 Temporary local problem - please try later

451 Temporary local problem - please try later
LOG: MAIN REJECT
H=(per03.in.mad.eresmas.com) [195.53.251.5] F=<justo.alonso@???>
temporarily rejected RCPT justo.alonso@???: host lookup deferred for
reverse lookup check

In the src/host.c source file, in the host_name_lookup() function, we have:

/* Do lookup on IPv4 system */

#else
addr.s_addr = (S_ADDR_TYPE)inet_addr(CS sender_host_address);
hosts = gethostbyaddr(CS(&addr), sizeof(addr), AF_INET);
#endif

/* Failed to look up the host. NB host_lookup_msg must be in permanent store. */

if (hosts == NULL)
  {
  HDEBUG(D_host_lookup) debug_printf("IP address lookup failed: h_errno=%d\n",
    h_errno);
  if (h_errno != TRY_AGAIN && h_errno != NO_RECOVERY)
    {
    if (host_checking || !log_testing_mode)
      log_write(L_host_lookup_failed, LOG_MAIN, "no host name found for IP "
        "address %s", sender_host_address);
    host_lookup_msg = US" (failed to find host name from IP address)";
    host_lookup_failed = TRUE;
    return FAIL;
    }
  return DEFER;
  }


If we have TRY_AGAIN in h_errno, then we return DEFER.
We don't check dns_again_means_nonexist !?!?...... then, for
reverse_host_lookup this option doesn't work??....

Philip, can you add support for this option to reverse_lookup ?!?!?

Thanks in advance

Justo

> On Wed, 29 Oct 2003, Justo Alonso wrote:
> > I set dns_again_means_nonexist = * to reject all "SERVFAIL" or
> > "non-authoritative host not found"... but it doesn't work... I have in the
> > log:
> >
> > 2003-10-29 13:25:32 H=(mail.movilab.net) [195.53.251.5]
> > F=<roig_p@???> temporarily rejected RCPT <proigb@???>:
> > host lookup deferred for reverse lookup check
>
> dns_again_means_nonexist applies when the DNS resolver function
> res_search() fails and sets h_errno to the value TRY_AGAIN. Maybe the
> resolver you are using gives some other error return in this case.
>
> The way to test this is to run a test with DNS debugging turned on:
>
> exim -d+resolver -bh 195.53.251.5
> <enter SMTP commands here>
>
> See what gets output by the resolver debugging, and see whether the Exim
> debugging says
>
> DNS lookup of xxx (xxx) gave TRY_AGAIN
>
> or not.
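
Added example, not part of the original messages and not Exim's code: a small C model of the decision in the quoted excerpt, showing why h_errno=2 (TRY_AGAIN) ends in a deferral, next to a hypothetical variant in which an option turns TRY_AGAIN into a definite failure. The function names, the enum and the again_means_nonexist flag are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE      /* expose the h_errno codes in <netdb.h> */
#include <netdb.h>           /* HOST_NOT_FOUND, TRY_AGAIN, NO_RECOVERY, NO_DATA */
#include <stdio.h>
#include <string.h>

/* Hypothetical names modelled on the FAIL/DEFER returns in the excerpt. */
enum lookup_result { LOOKUP_OK, LOOKUP_FAIL, LOOKUP_DEFER };

/* Decision as quoted: only a definite negative answer is a FAIL;
   TRY_AGAIN and NO_RECOVERY always come back as DEFER. */
enum lookup_result classify_as_quoted(int found, int herr)
{
  if (found) return LOOKUP_OK;
  if (herr != TRY_AGAIN && herr != NO_RECOVERY) return LOOKUP_FAIL;
  return LOOKUP_DEFER;
}

/* Variant asked for in the message (an assumption, not Exim code):
   again_means_nonexist is a stand-in for "the option matches here". */
enum lookup_result classify_with_option(int found, int herr,
                                        int again_means_nonexist)
{
  if (!found && herr == TRY_AGAIN && again_means_nonexist)
    return LOOKUP_FAIL;
  return classify_as_quoted(found, herr);
}

/* Outcome of a "require" statement using this lookup as its condition. */
const char *require_outcome(enum lookup_result r)
{
  if (r == LOOKUP_OK) return "pass";
  return r == LOOKUP_FAIL ? "reject" : "defer (451)";
}

int main(void)
{
  /* Constructed inputs: the failure codes a resolver can report. */
  int codes[] = { HOST_NOT_FOUND, TRY_AGAIN, NO_RECOVERY, NO_DATA };
  for (size_t i = 0; i < sizeof codes / sizeof codes[0]; i++)
    printf("h_errno=%d  as quoted: %-12s with option: %s\n", codes[i],
           require_outcome(classify_as_quoted(0, codes[i])),
           require_outcome(classify_with_option(0, codes[i], 1)));
  return 0;
}
```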