Re: [exim] dnsdb anomaly?

Author: Andrew - Supernews
Date:  
To: exim users
Subject: Re: [exim] dnsdb anomaly?
>>>>> "W" == W B Hacker <wbh@???> writes:

W> Folks,
W> Trying to get my virtual 'arms' around an apparent anomaly within
W> dnsdb lookups:


W> From the 4.6X spec:


W> ${lookup dnsdb{mx=a.b.example}{$value}fail}


W> When implemented as:


 W>    # C1X Test DNS lookup for A record
 W>    warn
 W>      condition   = ${lookup dnsdb{a=$sender_host_address}{$value}fail}


This is wrong for three reasons.

Firstly, you're trying to look up the A record for "71.247.128.142.", which
of course should not exist. (Some DNS resolvers, i.e. djb's, will fake one
for you.)

Secondly, the value in a condition = clause is supposed to be a true/false
indication, not the value of the dnsdb lookup, so returning {$value} is
always wrong there.

Thirdly, exim already looked up the A and PTR records for you if host_lookup
matched the address or you referred to $sender_host_name somewhere, or
used verify = reverse_host_lookup.

Using dnsdb correctly is trickier than it looks because of the need to
handle temporary failures sanely.

As for your results, don't bother with redacted logs, just show us the
exim -bh session.

W> Second, is there a better 'road well traveled' to discern whether
W> and when Exim's host lookup has (already) specifically found a PTR
W> record, or has been satisfied by an 'A' (or other) record only?


verify = reverse_host_lookup can only be satisfied by a matching set
of: PTR record(s) for the client IP, and an A record for one of the
PTR record values found which points back to the client IP.

The only time it is meaningful to consider finding an A record _without_
having found a PTR record is when verifying the _HELO_, which is a
totally separate matter.

--
Andrew, Supernews
http://www.supernews.com
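
The matching rule described in the reply above (PTR for the client IP, then an A record for one of the PTR names that points back to that IP), as an added example that is not part of the original message and is not Exim's code. The zone data is constructed, and the names `ZONE`, `lookup`, `TempFail` and `reverse_host_check` are hypothetical; a temporary DNS failure is reported as "defer" rather than being folded into "fail".

```python
import ipaddress

class TempFail(Exception):
    """Resolver timeout or SERVFAIL: the answer is unknown, not negative."""

# Constructed sample records (not real DNS data). None marks a temporary failure.
ZONE = {
    ("142.128.247.71.in-addr.arpa", "PTR"): ["mail.example.net"],
    ("mail.example.net", "A"): ["71.247.128.142"],
    ("10.2.0.192.in-addr.arpa", "PTR"): ["other.example.org"],
    ("other.example.org", "A"): ["198.51.100.7"],   # does not point back
    ("11.2.0.192.in-addr.arpa", "PTR"): None,       # lookup times out
    ("12.2.0.192.in-addr.arpa", "PTR"): ["slow.example.org", "ok.example.org"],
    ("slow.example.org", "A"): None,                # one name times out
    ("ok.example.org", "A"): ["192.0.2.12"],
}

def lookup(name, rtype):
    """Return the record list, [] for no such record, or raise TempFail."""
    key = (name.rstrip(".").lower(), rtype)
    if key not in ZONE:
        return []
    if ZONE[key] is None:
        raise TempFail(name)
    return ZONE[key]

def reverse_host_check(client_ip):
    """Return 'pass', 'fail' or 'defer' for an IPv4 client address."""
    ip = ipaddress.ip_address(client_ip)
    try:
        # The PTR query goes to the reversed in-addr.arpa name, never to the
        # dotted-quad itself (an A query for "71.247.128.142." finds nothing).
        names = lookup(ip.reverse_pointer, "PTR")
    except TempFail:
        return "defer"
    deferred = False
    for name in names:
        try:
            addrs = lookup(name, "A")
        except TempFail:
            deferred = True          # keep trying the other PTR names
            continue
        if any(ipaddress.ip_address(a) == ip for a in addrs):
            return "pass"
    # Only a definite negative from every name is a real failure.
    return "defer" if deferred else "fail"
```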