Re: [Exim] Relay from host list fails sometimes

Author: Philip Hazel
Date:  
To: Frank Meyer
CC: exim-users
Subject: Re: [Exim] Relay from host list fails sometimes
On Tue, 16 Mar 2004, Frank Meyer wrote:

> If host2 is resolvable, both exim versions deliver mails from
> host3 to anywhere in the world. If host2 is unresolvable,
> exim-4.11 delivers mails from host3 without any error message,
> exim-4.30 complains about host2 and will not accept any message
> from host3.


OK, I believe you. Something must have changed. I'll look at the
ChangeLog in a minute.

> In my opinion this is the only right behaviour.


Only in your special case. Not in the general case. You haven't
considered the possibility of negative entries. Consider, for example,

    some_hostlist_item = !x.y.z : *

Exim scans the list from left to right. What should it do if it cannot
find the IP address for x.y.z? You are arguing that it should carry on
scanning the list. I argue that it should not, because if the host
really IS x.y.z, Exim will do the wrong thing because * will match it.

I do appreciate that the way this works leads to not-as-perfect-as-one-
would-like behaviour for host lists that just contain positive entries
that are FQDNs. Unfortunately, Exim isn't clever enough to analyse a
list to discover that it is of this type.

> If any DNS-server in the world fails to resolve host A, this failure
> must not have any effect on the delivery of messages by host B.


Then you need to re-arrange your configuration somehow. For a small
number of hosts, one can abandon the named list and end up with ACLs of
this type:

    accept hosts = a.b.c
    accept hosts = x.y.z
    accept hosts = ....


However, this is not ideal, and doesn't scale.

> In reality my hostlist contains more than 500 hosts -


That will be a big performance hit because of the way Exim searches the
list linearly.

> Should I always generate a new hostlist with only resolvable
> hosts and send a SIGHUP to exim? This could happen very often -
> more than once a second ;-)


You can avoid having to SIGHUP Exim if you put the data in a file (even
if it is a linear list). Better performance would be obtained from some
kind of indexed lookup (e.g. cdb). If you are generating the list
automatically, why don't you generate IP addresses rather than host
names?

... goes away and looks at the ChangeLog for 4.12 onwards ... Aha. This
change happened at release 4.14:

73. A complete host name (no wildcards) in a host list causes a forward lookup
    for the IP address. If this failed, Exim was behaving as if the host didn't
    match the list, instead of giving an error (as it does when a reverse
    lookup fails).


However, that doesn't precisely match your report. But maybe it should
have read "didn't match the list ITEM". I'm afraid I can't remember
(4.14 was released a year ago), but I strongly suspect this is the
change that is giving you trouble.

I'm afraid I don't really know what to suggest except some scheme that
passes only IP addresses to Exim (do the DNS lookups in advance?)


--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book
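
Added example, not part of the original message and not Exim's code: a simplified Python model of left-to-right host list scanning that contrasts the two ways of handling a failed forward lookup discussed above. The `on_failure` values `"skip"` and `"error"`, the function names, and the DNS map are assumptions constructed for illustration.

```python
import ipaddress

class LookupFailed(Exception):
    """Forward DNS lookup for a host-name item did not succeed."""

# Constructed DNS data: names absent from the map fail to resolve.
DNS = {"host1": {"192.0.2.1"}, "host3": {"192.0.2.3"}}

def item_matches(item, client_ip, dns):
    if item == "*":
        return True
    try:
        return ipaddress.ip_address(item) == ipaddress.ip_address(client_ip)
    except ValueError:
        pass  # not an IP literal, so treat it as a complete host name
    if item not in dns:
        raise LookupFailed(item)
    return client_ip in dns[item]

def match_hostlist(hostlist, client_ip, dns, on_failure="error"):
    """Scan left to right; the first matching item decides.

    on_failure="skip"  : a failed lookup counts as "item did not match"
    on_failure="error" : a failed lookup aborts the scan (raises)
    """
    negated = False
    for raw in hostlist.split(":"):
        item = raw.strip()
        negated = item.startswith("!")
        if negated:
            item = item[1:].strip()
        try:
            hit = item_matches(item, client_ip, dns)
        except LookupFailed:
            if on_failure == "error":
                raise
            hit = False  # carry on scanning as if the item did not match
        if hit:
            return not negated
    # Nothing matched: a list ending in a negated item means "yes".
    return negated

def outcome(hostlist, client_ip, on_failure):
    """Return True/False for the list decision, or an error string."""
    try:
        return match_hostlist(hostlist, client_ip, DNS, on_failure)
    except LookupFailed as exc:
        return f"error: cannot resolve {exc}"
```

With `"skip"`, a client that really is x.y.z is accepted by `!x.y.z : *` whenever the lookup fails; with `"error"`, the same list refuses to decide, and a list made only of IP addresses never reaches a lookup at all.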