[exim] Re: [Debian issue #244724] exim 4 uses double?reverse…

Top Page
Delete this message
Reply to this message
Author: Andreas Metzler
Date:  
To: exim-users
New-Topics: RE: [exim] Re: [Debian issue #244724] exim 4 usesdouble?reverselookupforindexing into client password file
Subject: [exim] Re: [Debian issue #244724] exim 4 uses double?reverselookupforindexing into client password file
Eli <eli-list@???> wrote:
> Marc wrote:

[...]
>> debug_print = "R: smarthost for $local_part@$domain"
>> driver = manualroute
>> domains = ! +local_domains
>> transport = remote_smtp_smarthost
>> route_list = * smarthost.fqdn.example byname
>> host_find_failed = defer
>> same_domain_copy_routing = yes
>> no_more

[...]
> "hosts_try_auth" expects a *HOST* list. Unfortunately for lack of better
> choices, a "host" list is in fact a list of IPs. You cannot specify a
> hostname in a hostlist.


No.

| .   If the pattern is a plain domain name (not a regular expression, not
|     starting with *, not a lookup of any kind), Exim calls the operating
|     system function to find the associated IP address(es). Exim uses the
|     newer "getipnodebyname()" function when available, otherwise
|     "gethostbyname()". This typically causes a forward DNS lookup of the
|     name. The result is compared with the IP address of the subject host.


[...]
> Exim now knows it's going to deliver the email to one of:


>> authmailonline.kundenserver.de. 808 IN  A       212.227.15.164
>> authmailonline.kundenserver.de. 808 IN  A       212.227.15.180
>> authmailonline.kundenserver.de. 808 IN  A       212.227.15.132
>> authmailonline.kundenserver.de. 808 IN  A       212.227.15.148


> It then passes control to the transport, which sets up delivery and checks
> host_try_auth. The problem is that Exim cares not about the hostname of the
> server at this point, it wants an IP to deliver to. Your config does an
> "exists" test on the "passwd.client" file, sees it and expands the ${if...}
> test to "smarthost.fqdn.example" which is illegal in a hostlist, so Exim
> ignores it. You then fail in SMTP auth since there's no confirmation of an
> IP and thus the problem.

[...]

Eh, no.

We are using {${lookup{$host} in the authenticator which "contains
the name of the server to which the client is connected".

This will work perfectly _unless_ smarthost.fqdn.example is a
CNAME.

We'll need to use a smarter lookup with or or save the original name
in $hosts_data.
           cu andreas
-- 
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"
                                           http://downhill.aus.cc/