Re: [exim] Sender Callout Verification on non-default NI

Author: Dan Shoop
Date:  
To: Tony Finch
CC: exim-users
Subject: Re: [exim] Sender Callout Verification on non-default NI
At 2:03 PM +0000 12/1/04, Tony Finch wrote:
>On Tue, 30 Nov 2004, Dan Shoop wrote:
>>
>> I want to teach exim to do Sender Callout Verification through the NI that
>> attaches to the DSL network by the IP address 10.123.119.19 and does permit
>> port 25 traffic. It would seem as if the "interface" qualifier should be
>> useful here.
>>
>> Yet it always seems to try and callout through the default NI regardless.
>
>The callout code appears to do the appropriate interface handling. What
>does the debug output say?


Thanks for your response!

Well the ACL is getting skipped:

2004-12-07 01:58:35 H=mxout3.mailhop.org [63.208.196.167] Warning:
ACL "warn" statement skipped: condition test deferred: Could not
complete sender verify callout

Running with -d looks like we're using the right routers and
transports and even the right interface, but we're getting SMTP
timeouts, like I'd expect if it was going out on the default route
and NI (which blocks port 25):

20853 check !verify = sender/callout
20853 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
20853 Verifying shoop@???
20853 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
20853 Considering shoop@???
20853 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
20853 routing shoop@???
20853 --------> smartroute router <--------
20853 local_part=shoop domain=giftgang.com
20853 smartroute router skipped: verify 1 0 0
20853 --------> this_router_verifies_addresses router <--------
20853 local_part=shoop domain=giftgang.com
20853 checking domains
20853 giftgang.com in
"@:iwiring.net:sneeches.iwiring.net:ooblek.iwiring.net:iwiring.homeip.net:dhipster.homeip.net:dagati.homeip.net"?
no (end of list)
20853 giftgang.com in "!+local_domains"? yes (end of list)
20853 calling this_router_verifies_addresses router
20853 this_router_verifies_addresses router called for shoop@???
20853 domain = giftgang.com
20853 DNS lookup of giftgang.com (MX) gave NO_DATA
20853 returning DNS_NODATA
20853 DNS lookup of giftgang.com (A) succeeded
20853 fully qualified name = giftgang.com
20853 giftgang.com 82.165.244.77 mx=-1 sort=-71
20853 set transport verify_smtp
20853 queued for verify_smtp transport: local_part = shoop
20853 domain = giftgang.com
20853 errors_to=NULL
20853 domain_data=NULL localpart_data=NULL
20853 routed by this_router_verifies_addresses router
20853 envelope to: shoop@???
20853 transport: verify_smtp
20853 host giftgang.com [82.165.244.77]
20853 Attempting full verification using callout
20853 locking /var/spool/exim/db/callout.lockfile
20853 locked /var/spool/exim/db/callout.lockfile
20853 opened hints database /var/spool/exim/db/callout: flags=2
20853 dbfn_read: key=giftgang.com
20853 callout cache: no domain record found
20853 dbfn_read: key=shoop@???
20853 callout cache: no address record found
20853 interface=10.123.119.19 port=25
20853 Connecting to giftgang.com [82.165.244.77]:25 from
10.123.119.19 ... connected
20853 SMTP timeout
20853 SMTP>> QUIT
20853 ----------- end verify ------------
20853 warn: condition test deferred
20853 LOG: MAIN
20853 H=localhost [127.0.0.1] Warning: ACL "warn" statement
skipped: condition test deferred: Could not complete sender verify
callout

The above seems to suggest perhaps a timeout issue?


Yet I can manually connect to hosts through it. Here I have an
explicit route to the host in the previous sender callout
verification test run above using the desired NI:

% telnet 82.165.244.77 25
Trying 82.165.244.77...
Connected to giftgang.com.
Escape character is '^]'.
220 giftgang.com ESMTP
quit
221 giftgang.com
Connection closed by foreign host.

% netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGSc       12       80    en1
10.123.119/24      link#7             UCS         1        0    en5
10.123.119.1       0:40:10:13:98:5e   UHLW        1        0    en5    956
10.123.119.19      127.0.0.1          UHS         0        0    lo0
82.165.244.77      10.123.119.1       UGHS        0    51124    en5
127                127.0.0.1          UCS         0        0    lo0
127.0.0.1          127.0.0.1          UH         14  1064359    lo0
169.254            link#5             UCS         0        0    en1
192.168.1          link#5             UCS         3        0    en1
192.168.1.1        0:4:5a:d5:f1:93    UHLW       10      100    en1   1005
192.168.1.10       127.0.0.1          UHS         0       98    lo0



I also see things like:

20887 Connecting to mx4.mail.yahoo.com [66.218.86.199]:25 from
10.123.119.19 ... failed
20887 interface=10.123.119.19 port=25


So I guess I'm further along in that I understand that I'm getting
SMTP failures through this port in exim, but don't understand why.

Any further ideas?
--

-dhan

------------------------------------------------------------------------
Dan Shoop                                                   AIM: iWiring
Systems & Networks Architect                     http://www.iwiring.net/
shoop@???                                 http://www.ustsvs.com/


pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B

iWiring designs and supports Internet systems and networks based on
Mac OS X, unix, and Open Source application technologies and offers
24x7, guaranteed support to registered clients, at affordable rates.
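
An added diagnostic, not part of the original message: the debug output above shows Exim binding the local end of the callout connection to 10.123.119.19 before connecting, whereas a plain telnet leaves the source address to the kernel. This Python example (the function name and the stage labels are assumptions of the example) performs the same bind-then-connect and reports which stage stops: bind, connect, or waiting for the 220 banner.

```python
import socket

def probe_smtp_banner(host, port=25, source_ip=None, timeout=10.0):
    """Connect to host:port, optionally binding the local end to source_ip
    first (as the "interface" setting in the debug output does), then wait
    for the SMTP greeting.

    Returns (stage, detail), where stage is one of:
      "bind-failed", "connect-failed", "banner-timeout", "closed", "banner"
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        if source_ip is not None:
            try:
                sock.bind((source_ip, 0))  # port 0: kernel picks the source port
            except OSError as exc:
                return ("bind-failed", str(exc))
        try:
            sock.connect((host, port))
        except OSError as exc:  # refused, unreachable, or connect timeout
            return ("connect-failed", str(exc))
        try:
            data = sock.recv(512)
        except socket.timeout:
            # TCP handshake completed but no greeting arrived in time,
            # the same shape as "connected" followed by "SMTP timeout".
            return ("banner-timeout", "")
        except OSError as exc:
            return ("closed", str(exc))
        if not data:
            return ("closed", "")
        return ("banner", data.decode("ascii", "replace").strip())
    finally:
        sock.close()

if __name__ == "__main__":
    import sys
    # usage: probe.py HOST SOURCE_IP
    print(probe_smtp_banner(sys.argv[1], 25, sys.argv[2]))
```

Running it once with the source address set and once with `source_ip=None` against the same host separates a problem caused by the forced source address from one on the route itself.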