No I don't believe that is it, because in the output of running exim with
-d, it shows it evaluating the condition but it just says that the condition
failed to trigger the warn statement (thus, verification has passed):
28805 using ACL "acl_check_helo"
28805 processing "warn"
28805 check verify = helo
28805 warn: condition test failed
28805 processing "accept"
See, it processed the warn statement, did the verification (which was
actually done earlier):
28805 SMTP<< helo funky
28805 funky in helo_lookup_domains? no (end of list)
28805 sender_fullhost = (funky) [24.157.70.246]
28805 sender_rcvhost = [24.157.70.246] (helo=funky)
28805 set_process_info: 28805 handling incoming connection from (funky)
[24.157.70.246]
28805 verifying HELO funky
28805 looking up host name for 24.157.70.246
28805 DNS lookup of 246.70.157.24.in-addr.arpa (PTR) succeeded
28805 IP address lookup yielded
cpe0050fc237b04-cm014320108112.cpe.net.cable.rogers.com
28805 gethostbyname looked up these IP addresses:
28805 name=cpe0050fc237b04-cm014320108112.cpe.net.cable.rogers.com
address=24.157.70.246
28805 checking addresses for
cpe0050fc237b04-cm014320108112.cpe.net.cable.rogers.com
28805 24.157.70.246 OK
28805 getting IP address for funky
28805 gethostbyname returned 1 (HOST_NOT_FOUND)
28805 no IP address found for host funky (during SMTP connection from
(funky) [24.157.70.246])
28805 LOG: host_lookup_failed MAIN
28805 no IP address found for host funky (during SMTP connection from
(funky) [24.157.70.246])
28805 HELO verification failed but host is in helo_try_verify_hosts
Verification failed, thus meaning that "verify = helo" should return a false
value. So I don't think the verification stuff is working incorrectly, I
think it's just the final result code that's stored that is either incorrect
(or contrary to what documentation says it should be), or that "verify =
helo" is working backwards or only one-wayish (to always return true).
I added the test to my RCPT ACL as well, and still saw no warning:
28805 SMTP<< rcpt to: <user1@???>
28805 using ACL "acl_check_rcpt"
...
28805 processing "warn"
28805 check verify = helo
28805 warn: condition test failed
As you can see, the same result is to be had. I even went and changed the
HELO ACL to trigger on the DATA ACL instead, but the same result as always:
28812 Data file written for message 1AYGBD-0007Ui-Ci
28812 using ACL "acl_check_helo"
28812 processing "warn"
28812 check verify = helo
28812 warn: condition test failed
I'm hoping I didn't find a bug here :) Maybe just the docs are incorrect or
I interpreted them the wrong way? Sooo, I decided to run -d+all (switched
back to a HELO ACL for simplicity):
21:54:45 28820 SMTP<< helo funky
21:54:45 28820 --Malloc 0x80d9380 16 string.c 368 16400 4521
21:54:45 28820 ---0 Get 0x80dd1e8 8 string.c 387
21:54:45 28820 ---0 Get 0x80dd1f0 32 string.c 349
21:54:45 28820 funky in helo_lookup_domains? no (end of list)
21:54:45 28820 ---1 Get 0x80dad58 24 string.c 349
21:54:45 28820 ---1 Get 0x80dad70 24 string.c 349
21:54:45 28820 ---1 Get 0x80dad88 104 string.c 856
21:54:45 28820 sender_fullhost = (funky) [24.157.70.246]
21:54:45 28820 sender_rcvhost = [24.157.70.246] (helo=funky)
21:54:45 28820 set_process_info: 28820 handling incoming connection from
(funky) [24.157.70.246]
21:54:45 28820 verifying HELO funky
21:54:45 28820 looking up host name for 24.157.70.246
21:54:45 28820 DNS lookup of 246.70.157.24.in-addr.arpa (PTR) succeeded
21:54:45 28820 ---1 Get 0x80dadf0 8 host.c 1233
21:54:45 28820 ---1 Get 0x80dadf8 264 host.c 1243
21:54:45 28820 ---1 Rst 0x80dae30 ** host.c 1246 16400
21:54:45 28820 IP address lookup yielded
cpe0050fc237b04-cm014320108112.cpe.net.cable.rogers.com
21:54:45 28820 ---0 Get 0x80dd210 16 string.c 349
21:54:45 28820 gethostbyname looked up these IP addresses:
21:54:45 28820
name=cpe0050fc237b04-cm014320108112.cpe.net.cable.rogers.com
address=24.157.70.246
21:54:45 28820 checking addresses for
cpe0050fc237b04-cm014320108112.cpe.net.cable.rogers.com
21:54:45 28820 24.157.70.246 OK
21:54:45 28820 getting IP address for funky
21:54:45 28820 gethostbyname returned 1 (HOST_NOT_FOUND)
21:54:45 28820 ---0 Get 0x80dd220 48 string.c 349
21:54:45 28820 ---0 Get 0x80dd250 96 string.c 349
21:54:45 28820 no IP address found for host funky (during SMTP connection
from (funky) [24.157.70.246])
21:54:45 28820 LOG: host_lookup_failed MAIN
21:54:45 28820 no IP address found for host funky (during SMTP connection
from (funky) [24.157.70.246])
21:54:45 28820 HELO verification failed but host is in helo_try_verify_hosts
21:54:45 28820 ---0 Get 0x80dd2b0 24 string.c 349
21:54:45 28820 using ACL "acl_check_helo"
21:54:45 28820 processing "warn"
21:54:45 28820 check verify = helo
21:54:45 28820 warn: condition test failed
21:54:45 28820 processing "accept"
21:54:45 28820 accept: condition test succeeded
21:54:45 28820 ---0 Rst 0x80dd1e8 ** smtp_in.c 785 16400
21:54:45 28820 ---0 Get 0x80dd1e8 96 string.c 349
21:54:45 28820 ---0 Ext 0x80dd1e8 190 string.c 868
21:54:45 28820 SMTP>> 250 testunix.webminders.com Hello
cpe0050fc237b04-cm014320108112.cpe.net.cable.rogers.com [24.157.70.246]
But that didn't seem to yield any more information than we had already (I
stripped exim if that's why there's hex numbers rather than something
else... Not sure).
Any other tests anyone can suggest I run?
Eli.
-----Original Message-----
From: exim-users-admin@??? [mailto:exim-users-admin@exim.org] On Behalf Of Wakko Warner
Sent: Sunday, December 21, 2003 8:51 PM
To: Eli
Cc: exim-users@???
Subject: Re: [Exim] Verify = helo not working in acl_smtp_helo?
> Here is my acl (and two relevant main config settings):
>
> helo_try_verify_hosts = *
> acl_smtp_helo = acl_check_helo
>
> acl_check_helo:
> # warn message = X-Warning-HELO: [${sender_host_address}] provided invalid HELO/EHLO data
> warn message = X-Warning-HELO: [${sender_host_address}/${host}/${host_address}] provided invalid HELO/EHLO data
> verify = helo
> accept
Have you tried moving that warn statement to the RCPT acl? I don't believe
verification has been performed yet when the HELO acl runs. I did the
original patch for this and I put it before the verification because the
string becomes blank if it fails verification.
--
Lab tests show that use of micro$oft causes cancer in lab animals
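
A small parser for the `exim -d` output quoted in this thread, added here as an example (not code from either poster or from Exim): it pairs each PID's HELO verification result with the outcome of every ACL verb that tested `verify = helo`. The sample input is constructed from the line shapes shown above, and the function names are hypothetical.

```python
import re

# Constructed sample, in the shape of the `exim -d+all` output quoted in the thread.
SAMPLE = """\
21:54:45 28820 ---0 Get 0x80dd1f0 32 string.c 349
21:54:45 28820 verifying HELO funky
21:54:45 28820 gethostbyname returned 1 (HOST_NOT_FOUND)
21:54:45 28820 HELO verification failed but host is in helo_try_verify_hosts
21:54:45 28820 using ACL "acl_check_helo"
21:54:45 28820 processing "warn"
21:54:45 28820 check verify = helo
21:54:45 28820 warn: condition test failed
21:54:45 28820 processing "accept"
21:54:45 28820 accept: condition test succeeded
"""

LINE = re.compile(r'^(?:\d\d:\d\d:\d\d\s+)?(\d+)\s+(.*)$')  # [timestamp] pid text

def summarize(debug_text):
    """Per PID: HELO name, whether its verification failed, and each ACL verb outcome."""
    out, state = {}, {}
    for raw in debug_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation lines carry no PID prefix
        pid, text = int(m.group(1)), m.group(2)
        rec = out.setdefault(pid, {"helo": None, "helo_verify_failed": None, "acl": []})
        st = state.setdefault(pid, {"acl": None, "conds": []})
        if text.startswith("verifying HELO "):
            rec["helo"], rec["helo_verify_failed"] = text.split()[-1], False
        elif text.startswith("HELO verification failed"):
            rec["helo_verify_failed"] = True
        elif (a := re.match(r'using ACL "(.+)"', text)):
            st["acl"] = a.group(1)
        elif re.match(r'processing "\w+"', text):
            st["conds"] = []  # a new verb starts with no conditions checked yet
        elif text.startswith("check "):
            st["conds"].append(text[len("check "):])
        elif (r := re.match(r'(\w+): condition test (failed|succeeded)', text)):
            rec["acl"].append((st["acl"], r.group(1), tuple(st["conds"]), r.group(2)))
    return out

def helo_checks(summary):
    """(pid, helo, verify_failed, acl, verb, outcome) for each verb that tested verify = helo."""
    return [(pid, rec["helo"], rec["helo_verify_failed"], acl, verb, outcome)
            for pid, rec in summary.items()
            for acl, verb, conds, outcome in rec["acl"]
            if "verify = helo" in conds]
```

Store-allocation lines from `-d+all` (`Get`, `Rst`, `Ext`, `Malloc`) match none of the patterns and are skipped.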