[exim] [Debian issue #244724] exim 4 uses double reverse loo…

Author: Marc Haber
Date:  
To: exim-users, 244724
CC: Marc Haber
New-Topics: RE: [exim] [Debian issue #244724] exim 4 uses double reverse lookup for indexing into client password file
Subject: [exim] [Debian issue #244724] exim 4 uses double reverse lookup for indexing into client password file
Hi,

this is Debian issue #244724, which I currently consider a request for
clarification.

----- Forwarded message from Andre Heynatz <vetasana@???> -----

> I tried to configure exim4 for my ISP's mail account, 1&1. The hostname
> given by 1&1:
>
> auth.mail.onlinehome.de
>
> I created a passwd.client file with the following content:
>
> auth.mail.onlinehome.de:myusername:mypassword
>
> and changed other settings as described in
> /usr/share/doc/exim4-base/README.SMTP-AUTH.
>
>
> It does not work, the Exim4 log file tells the following:
>
>
> me@??? R=smarthost T=remote_smtp: SMTP error from remote mailer
> after MAIL FROM:<> SIZE=2357:
> host authmailonline.kundenserver.de [212.227.15.180]: 530 Authentication
> required
>
>
> After debugging the SMTP session, I found out that exim4 does not use the
> dc_smarthost value 'auth.mail.onlinehome.de' as lookup key for
> /etc/exim4/passwd.client, instead it does a DNS lookup:
>
>
> $ host auth.mail.onlinehome.de
> auth.mail.onlinehome.de is an alias for authmailonline.kundenserver.de.
> authmailonline.kundenserver.de has address 212.227.15.180
> authmailonline.kundenserver.de has address 212.227.15.132
> authmailonline.kundenserver.de has address 212.227.15.148
> authmailonline.kundenserver.de has address 212.227.15.164
>
>
> $ dig auth.mail.onlinehome.de
> ...
> ;; ANSWER SECTION:
> auth.mail.onlinehome.de. 1675   IN      CNAME   authmailonline.kundenserver.de.
> authmailonline.kundenserver.de. 808 IN  A       212.227.15.164
> authmailonline.kundenserver.de. 808 IN  A       212.227.15.180
> authmailonline.kundenserver.de. 808 IN  A       212.227.15.132
> authmailonline.kundenserver.de. 808 IN  A       212.227.15.148
> ...
>
>
> authmailonline.kundenserver.de is used as the key, and this key is not
> found. So the authentication fails, and the mail is frozen. In config
> files, the original hostname should be used for lookup.
>
>
> I do not know how exim4 reacts if the ISP changes the DNS alias,
> which they are free to do.


----- End forwarded message -----

Looks like exim does a double reverse lookup on the target host name,
and then uses the name obtained from that reverse lookup to obtain
user name and password to authenticate with. I do actually find this
unproductive in today's world where service providers frequently have
service CNAMEs pointing to different machines to be able to re-route
client requests for maintenance and repair. With exim doing that
double reverse lookup, an ISP re-pointing its service CNAMEs will
probably break exim clients authenticating.

Is there a reason that exim does it this way that I have missed?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
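
The mismatch described in the forwarded report, as an added example that is not part of the original message or of Exim's code: it follows the CNAME in the quoted dig answer and checks whether passwd.client has an entry under the configured smarthost name and under the name the reporter saw used as the lookup key. The function names, the exact-match key comparison and the embedded sample data are assumptions made for this example.

```python
# Constructed from the dig answer section quoted in the report (two A records kept).
DIG_ANSWER = """\
auth.mail.onlinehome.de. 1675 IN CNAME authmailonline.kundenserver.de.
authmailonline.kundenserver.de. 808 IN A 212.227.15.164
authmailonline.kundenserver.de. 808 IN A 212.227.15.180
"""

# Constructed passwd.client content, in the host:user:password form from the report.
PASSWD_CLIENT = "auth.mail.onlinehome.de:myusername:mypassword\n"


def canonical_name(answer, name):
    """Follow CNAME records in a dig answer section to the final target name."""
    cnames = {}
    for line in answer.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[3] == "CNAME":
            cnames[fields[0].rstrip(".").lower()] = fields[4].rstrip(".").lower()
    name = name.rstrip(".").lower()
    seen = set()
    while name in cnames:
        if name in seen:
            raise ValueError("CNAME loop at " + name)
        seen.add(name)
        name = cnames[name]
    return name


def passwd_client_hosts(text):
    """Return the set of host keys; user names and passwords are never kept."""
    hosts = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            hosts.add(line.split(":", 2)[0].lower())
    return hosts


def check(smarthost, answer, passwd_text):
    """Report whether each candidate key has an entry in passwd.client."""
    hosts = passwd_client_hosts(passwd_text)
    target = canonical_name(answer, smarthost)
    return {
        "lookup_key": target,
        "configured_name_has_entry": smarthost.rstrip(".").lower() in hosts,
        "lookup_key_has_entry": target in hosts,
    }


if __name__ == "__main__":
    print(check("auth.mail.onlinehome.de", DIG_ANSWER, PASSWD_CLIENT))
```

Run against live `dig +noall +answer` output, the same check shows when a provider has re-pointed its service alias and the existing passwd.client key no longer matches.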