http://www.exim.org/bugzilla/show_bug.cgi?id=440
Summary: dnslists '=' following '!=' treated as '!='
Product: Exim
Version: 4.64
Platform: Other
OS/Version: All
Status: NEW
Severity: bug
Priority: medium
Component: ACLs
AssignedTo: ph10@???
ReportedBy: anomie@???
QAContact: exim-dev@???
When using an ACL like this:
deny dnslists = foo.example.com!=127.0.0.2 : bar.example.com=127.0.0.2
If the host is not listed in foo.example.com (or is with 127.0.0.2), but is
listed in bar.example.com with 127.0.0.2, the deny will not occur as expected.
The -bh debug output says
>>> processing "deny"
>>> check dnslists = foo.example.com!=127.0.0.2 : bar.example.com=127.0.0.2
>>> DNS list check: foo.example.com!=127.0.0.2
>>> new DNS lookup for 1.0.0.10.foo.example.com
>>> DNS lookup for 1.0.0.10.foo.example.com failed
>>> => that means 10.0.0.1 is not listed at foo.example.com
>>> DNS list check: bar.example.com=127.0.0.2
>>> new DNS lookup for 1.0.0.10.bar.example.com
>>> DNS lookup for 1.0.0.10.bar.example.com succeeded (yielding 127.0.0.2)
>>> => but we are not accepting this block class because
>>> => there was an exclude match for =127.0.0.2
>>> deny: condition test failed
Note the second-to-last line claiming an exclude match: invert_result is not
getting reset for each domain in the dnslists list.
In verify.c function verify_check_dnsbl, moving the "invert_result = FALSE" to
inside the while loop fixes it.
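The stale-flag behaviour described in the report, as an added example that is not part of the original bug mail and is not Exim's code. It is a simplified C model of the per-item loop: `check_dnslists`, `lookup` and the DNS answers are constructed for illustration, and only the `=` and `!=` forms are modelled.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* The dnslists value from the report. */
static const char REPORTED[] =
    "foo.example.com!=127.0.0.2 : bar.example.com=127.0.0.2";

/* Constructed DNSBL answers for the client host (NULL = not listed). */
static const char *lookup(const char *domain) {
    if (strcmp(domain, "bar.example.com") == 0) return "127.0.0.2";
    return NULL; /* foo.example.com: lookup fails, host not listed */
}

/* Hypothetical model of a dnslists condition: items separated by " : ",
 * each "domain", "domain=addr" or "domain!=addr"; true if any item matches.
 * reset_per_item=false sets invert_result once before the loop (the reported
 * behaviour); true resets it inside the loop (the fix the report proposes). */
static bool check_dnslists(const char *list, bool reset_per_item) {
    char buf[256];
    bool invert_result = false;
    snprintf(buf, sizeof buf, "%s", list);
    for (char *item = buf; item != NULL; ) {
        char *next = strstr(item, " : ");
        if (next) { *next = '\0'; next += 3; }
        if (reset_per_item) invert_result = false;
        const char *want = NULL;
        char *eq = strchr(item, '=');
        if (eq) {
            want = eq + 1;
            if (eq > item && eq[-1] == '!') { invert_result = true; eq--; }
            *eq = '\0'; /* item now holds only the domain */
        }
        const char *got = lookup(item);
        if (got != NULL) {
            bool addr_match = (want == NULL) || strcmp(got, want) == 0;
            if (addr_match != invert_result) return true;
        }
        item = next;
    }
    return false;
}

int main(void) {
    printf("flag set once before loop: %s\n",
           check_dnslists(REPORTED, false) ? "deny" : "no match");
    printf("flag reset per item:       %s\n",
           check_dnslists(REPORTED, true) ? "deny" : "no match");
    return 0;
}
```

With the flag set only before the loop, the `!=` on the first item carries into the second item and the listed host is not denied; resetting it per item restores the expected deny.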