Re: [Exim] Most probably bug with host lists verifying

Top Page
Delete this message
Reply to this message
Author: Andrew V Stikheev
Date:  
To: exim-users
Subject: Re: [Exim] Most probably bug with host lists verifying
Hi,

I found, that in exim-4.14 this feature/big is appeared:

(cite from ChangeLog)
73. A complete host name (no wildcards) in a host list causes a forward lookup
    for the IP address. If this failed, Exim was behaving as if the host didn't
    match the list, instead of giving an error (as it does when a reverse
    lookup fails).



Philip or somebody else comments, please, this change. In the mail-archive i did not
find corresponding discussion :(.
Thank you.

According to Andrew V Stikheev:
> According to Andrew V Stikheev:
> > According to Philip Hazel:
> > > On Wed, 19 May 2004, Andrew V Stikheev wrote:
> > >
> > > > If in a hosts list (hostlist,smtp_ratelimit_hosts,rfc1413_hosts,...)
> > > > a non-existent domain is included, then exim doesn't try to match
> > > > the verified host with the list items after the non-existent domain
> > > > and treats the verified host as not present in the hosts list.
> > > > If a "+include_unknown" string is present in the list prior to non-existent
> > > > domain, then exim treats the verified host as present in the hosts list.
> > >
> > > As specified.
> Also I want to add, that a result of verifying depends on the order of hosts in
> the hostlist:
>
>        1)   hostlist relay_from_hosts = non-existent-domain : 192.168.0.1
>             Relay from 192.168.0.1 not permitted.

>
>        2)   hostlist relay_from_hosts = 192.168.0.1 : non-existent-domain
>             Relay from 192.168.0.1 permitted.

>
> Is it also specified?
> > >
> > > > For example:
> > > >
> > > > 1) hostlist relay_from_hosts = non-existent-domain : 192.168.0.1
> > > >
> > > > In this case relay from 192.168.0.1 not permitted.
> > >
> > > Correct. Exim assumes you have screwed up by specifying a non-existent
> > > host. So it takes a cautious line.
> >    But it's wrong assumption, because it's may be a temporary dns problem,
> >   for example a error after regular reconfiguration. In this situation
> >   relay not permitted from all hosts until I'm fixed this error in dns.
> >   Relay from all hosts not permitted because of the problem with only the one.
> >   Imho, it's a wrong strategy.

> >
> > What about a smtp_ratelimit_hosts? In this case the rate limit is disabled for
> > all hosts. Is it right?
> >
> > >
> > > > 2) hostlist relay_from hosts = +include_unknown : non-existent-domain
> > > >
> > > > In this case relay permitted from any host.
> > >
> > > Sounds like you want a new feature called +ignore_unknown.
> > It will be the best solution. By default :)?
> > >
> > > --
> > >
> > --
> > P.S. I'm not recieved your letter to sand@???, so i can't reply.
> > -------------------------------------------------
> > Andrew V Stikheev               Russian Institute
> > E-mail: sand@???                  for
> > Phone:+7 095 192-9179            Public Networks

> >
>
>
> --
> -------------------------------------------------
> Andrew V Stikheev               Russian Institute
> E-mail: sand@???                  for
> Phone:+7 095 192-9179            Public Networks

>



--
-------------------------------------------------
Andrew V Stikheev               Russian Institute
E-mail: sand@???                  for
Phone:+7 095 192-9179            Public Networks