Re: [exim] problem with certain DNS lookups for NS records

Pàgina inicial
Delete this message
Reply to this message
Autor: Giuliano Gavazzi
Data:  
A: exim-users
Assumpte: Re: [exim] problem with certain DNS lookups for NS records

On 5 Feb 2006, at 22:08, Fred Viles wrote:

> On 5 Feb 2006 at 19:16, Giuliano Gavazzi wrote about
>     "[exim] problem with certain DNS loo":

>
> | let me cut it short:
> |
> | set acl_c9 = ${lookup dnsdb{ns=152/29.160.221.217.in-addr.arpa}
> | {$value}{none}}
> |
> | should give ns.ondecorte.net and instead it gives none.
>
> It may be relevant that the zone is also delegated to a lame server
> (ns.humph.com).


it is not relevant as far as I can see, but, yes, thank you!, I think
I know why it happened.... (now fixed).

The problem might be the / in 152/29.160.221.217.in-addr.arpa.
Look at this (session from the relevant IP to the server, merged
named queries and exim log, acl below), the query is simply not
performed:

06-Feb-2006 08:46:53.485 client 127.0.0.1#50194: view home: query:
157.160.221.217.in-addr.arpa IN PTR +
[...]
06-Feb-2006 08:47:09.391 client 127.0.0.1#50202: view home: query:
157.160.221.217.sbl.spamhaus.org IN A +
06-Feb-2006 08:47:09.391 client 127.0.0.1#50203: view home: query:
elfo.org IN MX +
06-Feb-2006 08:47:09.393 client 127.0.0.1#50204: view home: query:
elfo.org IN MX +
06-Feb-2006 08:47:09.396 client 127.0.0.1#50205: view home: query:
elfo.org IN MX +
06-Feb-2006 08:47:17.399 client 127.0.0.1#50206: view home: query:
157.160.221.217.in-addr.arpa IN CNAME +
2006-02-06 08:47:17 IU99ML-000910-NR cname: 157.152/29.160.221.217.in-
addr.arpa
2006-02-06 08:47:17 IU99ML-000910-NR lookup key:
152/29.160.221.217.in-addr.arpa
2006-02-06 08:47:17 IU99ML-000910-NR result: none
06-Feb-2006 08:47:17.400 client 127.0.0.1#50207: view home: query:
160.221.217.in-addr.arpa IN NS +
2006-02-06 08:47:17 IU99ML-000910-NR <= xxxxxx @elfo.org
H=tempesta.elfo.org [217.221.160.157] P=smtp S=272
2006-02-06 08:47:17 IU99ML-000910-NR => xxxxxx <xxxxxx @humph.com>
R=localuser T=local_delivery
2006-02-06 08:47:17 IU99ML-000910-NR Completed


warn    !authenticated = *
    set acl_c9 = ${lookup dnsdb{cname=${if match {$sender_host_address}\  
<<< PERFORMED
                         {\N^(\d+)\.(\d+)\.(\d+)\.(\d+)$\N}\
                         {$4.$3.$2.$1.in-addr.arpa}fail}}{$value}{none}}
    logwrite = cname: $acl_c9
    condition = ${if !eq{$acl_c9}{none}}
    set acl_c9 = ${if match {$acl_c9}{\N^(\d+)\.(.+)$\N}{$2}fail}
    logwrite = lookup key: $acl_c9
    set acl_c9 = ${lookup dnsdb{ns=$acl_c9}{$value}{none}} <<< NOT  
PERFORMED
    logwrite = result: $acl_c9



the lookup that is not performed should give ns.ondecorte.net
ns.humph.com.

warn    !authenticated = *
    condition = ${if eq{$acl_c9}{none}}
    set acl_c9 = ${lookup dnsdb{ns=${if match {$sender_host_address}\  
<<< PERFORMED
                         {\N^(\d+)\.(\d+)\.(\d+)\.(\d+)$\N}\
                         {$3.$2.$1.in-addr.arpa}fail}}{$value}{none}}
    condition = ${if eq{$acl_c9}{none}}                           <<< OUT
    set acl_c9 = ${lookup dnsdb{ns=${if match {$sender_host_address}\
                         {\N^(\d+)\.(\d+)\.(\d+)\.(\d+)$\N}\
                         {$2.$1.in-addr.arpa}fail}}{$value}{none}}
    condition = ${if eq{$acl_c9}{none}}
    set acl_c9 = ${lookup dnsdb{ns=${if match {$sender_host_address}\
                         {\N^(\d+)\.(\d+)\.(\d+)\.(\d+)$\N}\
                         {$1.in-addr.arpa}fail}}{$value}{none}}


warn    !authenticated = *
         message = X-HUMPH-Peer-rDNS: ${tr {$acl_c9}{\r\n}{\ }}