Re: [exim] IPv6 address comparison, and callout vs VRFY

Top Page
Delete this message
Reply to this message
Author: David Woodhouse
Date:  
To: Wouter Verhelst
CC: exim-users
Subject: Re: [exim] IPv6 address comparison, and callout vs VRFY
On Wed, 2004-11-17 at 20:15 +0100, Wouter Verhelst wrote:
> Hi,
>
> I've got two questions:
>
> * First, on a number of occasions I've had bugs in my exim.conf that
> occured because IPv6 addresses in exim, by default, aren't
> canonicalized. According to the IPv6 standards, "2001:ab8:37f:20::1"
> and "2001:ab8:38f:20:0:0:0:1" are equal. However, to exim -who does
> string comparison- they are not. This has bitten me on a number of
> occasions where I ran 'exim -bhc 2001:ab8:37f:20::1' to check my ACL
> rules, and was surprised that it didn't work afterwards, since exim
> compares the address in the ACL rule to an address in the second form,
> which it sees as different. Is there a way to canonicalize IPv6
> addresses before comparing them?


Hmm. That would be a bug. Does it manifest itself at any time other than
when you're using -bhc?

If I have IPv6 addresses in a hostlist, it seems I can specify the IPv6
address in any form on the command line and it'll match them correctly
when I connect from that address. OTOH if I have a hostname in the
hostlist, I have to use the canonical address on the command line to
make it match. Never does expanding the :: to strings of ':0:0:0...'
help for me with Exim 4.42 on Linux.

> * Second, I love exim's callout address checking feature, but I just
> wonder, why does exim use a regular SMTP conversation to test the
> existance of remote addresses, rather than using VRFY? It seems to me
> that the latter was especially made for this kind of thing, no?


Too few people implement VRFY and even fewer implement it properly. And
VRFY is for verifying the forward-path not the reverse-path; there are
addresses which verify with VRFY to which you could not send a bounce.

--
dwmw2