[exim] verify = helo

Author: Brian Candler
Date:  
To: exim-users
Subject: [exim] verify = helo
I have an observation/request about verify = helo.

If I understand things rightly, 'verify = helo' will always fail if the
connecting host was not mentioned in helo_try_verify_hosts. However, setting
helo_try_verify_hosts=* will force DNS lookups for all incoming connections,
even if you don't make use of the verify condition later on.

I'm writing ACLs to allow users to choose their own set of conditions; and
I'd prefer not to require full forward/reverse DNS lookups to take place on
every incoming connection, if only some users are enabling 'verify = helo'.

It seems to me it would be better if the logic were closer to that for
verify = reverse_host_lookup. That is: if the check has not already been
done, perform the check on demand. reverse_host_lookup has a three-state
logic:

   sender_host_name != NULL
      -> lookup already took place, and succeeded

   sender_host_name == NULL, host_lookup_failed != 0
      -> lookup already took place, and failed

   sender_host_name == NULL, host_lookup_failed == 0
      -> lookup has not yet taken place

Whereas, verify = helo has only two states (helo_verified == 0 or 1).

If this were changed, I think it might simplify things a bit (e.g. the
setting 'helo_try_verify_hosts' would no longer be needed; the verification
would be attempted iff verify=helo is invoked, and for helo_verify_hosts,
although that could be done in acl_smtp_helo anyway).

Any comments? Have I overlooked a fundamental reason why this can't be done?

Regards,

Brian.
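
The on-demand, three-state behaviour proposed in the message above, sketched in C as an added example (not from the original post and not Exim source). All names are hypothetical, and a constructed forward-lookup table stands in for DNS.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names; illustrative only, not Exim source. */
typedef enum { HELO_NOT_TRIED, HELO_VERIFIED, HELO_FAILED } helo_state;

typedef struct {
    const char *helo_name;   /* name the client gave in HELO/EHLO */
    const char *peer_ip;     /* address the connection came from */
    helo_state  state;       /* cached outcome of the check */
    int         dns_lookups; /* how many lookups this connection cost */
} conn;

/* Constructed forward-DNS table standing in for a real resolver. */
static const struct { const char *name, *ip; } fake_dns[] = {
    { "mail.example.org", "192.0.2.10" },
    { "mx.example.net",   "198.51.100.7" },
};

/* Does the HELO name resolve to the connecting address? */
static int helo_resolves_to_peer(conn *c) {
    c->dns_lookups++;
    for (size_t i = 0; i < sizeof fake_dns / sizeof fake_dns[0]; i++)
        if (strcmp(fake_dns[i].name, c->helo_name) == 0 &&
            strcmp(fake_dns[i].ip, c->peer_ip) == 0)
            return 1;
    return 0;
}

/* The ACL condition: look up on first use, then answer from the cache. */
int verify_helo(conn *c) {
    if (c->state == HELO_NOT_TRIED)
        c->state = helo_resolves_to_peer(c) ? HELO_VERIFIED : HELO_FAILED;
    return c->state == HELO_VERIFIED;
}

/* wants_check[i] != 0: recipient i enabled the check. Returns accepted count. */
int accept_recipients(conn *c, const int *wants_check, int n) {
    int accepted = 0;
    for (int i = 0; i < n; i++)
        if (!wants_check[i] || verify_helo(c))
            accepted++;
    return accepted;
}

int main(void) {
    conn forged = { "mail.example.org", "203.0.113.5", HELO_NOT_TRIED, 0 };
    int wants[] = { 1, 0, 1 };
    int ok = accept_recipients(&forged, wants, 3);
    printf("accepted=%d lookups=%d\n", ok, forged.dns_lookups);
    return 0;
}
```

A connection whose recipients never enable the check stays in the "not tried" state and costs no lookup, while a failed check is cached separately so it is not retried for later recipients.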