Re: [exim] Help with ACL

Top Page
Delete this message
Reply to this message
Author: Tony Finch
Date:  
To: Ruth Ivimey-Cook
CC: exim-users, qq
Subject: Re: [exim] Help with ACL
On Wed, 19 Jan 2005, Ruth Ivimey-Cook wrote:
>
> The reject logs include:
>
> 2005-01-18 22:51:21 H=(gatekeeper36.totaljobsmail.co.uk) [193.128.115.36]
> F=<cwjobs@???> rejected RCPT <ruth@???>: host lookup
> failed (193.128.115.36 does not match any IP address for gatekeeper36.totaljobsmail.co.uk)
>
>   accept  hosts        = /etc/exim/noverify_hosts

>
>   # If reverse DNS lookup of the sender's host fails (i.e. there is
>   # no rDNS entry, or a forward lookup of the resulting name does not
>   # match the original IP address), then reject the message.
>   #
>   #deny      message    = reverse DNS lookup failed for host $sender_host_address.
>   #      !verify    = reverse_host_lookup

>
> and the file noverify-hosts includes the lines:
>
> #Totaljobs
> *.totaljobs.co.uk
> *.totaljobsmail.co.uk


See section 10.13 of the spec which explains your problem. If the host is
going to fail reverse_host_lookup it's probably also going to fail to
match your noverify_hosts list.

10.13 Host list patterns that match by host name

There are several types of pattern that require Exim to know the name of the
remote host. These are either wildcard patterns or lookups by name. (If a
complete hostname is given without any wildcarding, it is used to find an IP
address to match against, as described in the section 10.11 above.)

If the remote host name is not already known when Exim encounters one of these
patterns, it has to be found from the IP address. Although many sites on the   |
Internet are conscientious about maintaining reverse DNS data for their hosts, |
there are also many that do not do this. Consequently, a name cannot always be |
found, and this may lead to unwanted effects. Take care when configuring host  |
lists with wildcarded name patterns. Consider what will happen if a name       |
cannot be found.                                                               |
                                                                               |
Because of the problems of determining host names from IP addresses, matching  |
against host names is not as common as matching against IP addresses.          |
                                                                               |
By default, in order to find a host name, Exim first does a reverse DNS        |
lookup; if no name is found in the DNS, the system function ("gethostbyaddr()" |
or "getipnodebyaddr()" if available) is tried. The order in which these        |
lookups are done can be changed by setting the "host_lookup_order" option.     |
                                                                               |
There are some options that control what happens if a host name cannot be      |
found. These are described in section 10.14 below.                             |


Tony.
--
<fanf@???> <dot@???> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}