Re: [exim] How does exim handle the case of changing smartho…

Top Page
Delete this message
Reply to this message
Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] How does exim handle the case of changing smarthost DNS records?
Marc Haber <mh+exim-users@???> (So 07 Jan 2007 23:41:01 CET):
> On Sun, 7 Jan 2007 23:11:20 +0100, Heiko Schlittermann
> <hs@???> wrote:
> >Marc Haber <mh+exim-users@???> (So 07 Jan 2007 22:39:41 CET):
> >> this message ends with a debug output from exim 4.63 (Debian)
> >> delivering via a smarthost router (also quoted at the end) to a host
> >> that requires authentication. Exim is configured to authenticate, and
> >> does this most of the time. Other times, this is what happens:
> >>
> >> routed by smarthost router
> >> host gmail-smtp.l.google.com [209.85.133.111] port=587
> >> host gmail-smtp.l.google.com [209.85.133.109] port=587
> >> <snip>
> >> remote_smtp_smarthost transport entered
> >> <snip>
> >> Connecting to gmail-smtp.l.google.com [209.85.133.111]:587 ... connected
> >> <snip>
> >> 209.85.133.111 in hosts_require_auth? no (option unset)
> >> <snip>
> >> gethostbyname2 looked up these IP addresses:
> >> name=gmail-smtp.l.google.com address=64.233.185.111
> >> name=gmail-smtp.l.google.com address=64.233.185.109
> >> 209.85.133.111 in hosts_try_auth? no (end of list)
> >
> >It tries to find 209.85.133.111 in the hosts_try_auth list,
> >I suppose there's "smtp.gmail.com:..." (constructed from
> >passwd.client).
>
> It is smtp.gmail.com, constructed from DCsmarthost after cutting off
> everything behind the first colon. passwd.client is only an "exists"
> condition which is meant to avoid trying to authenticate when no
> password is present at all.
>
> >If I understand well, then exim does a A lookup for named entries in
> >the host list (and smtp.gmail.com is currently 64.233.183.109), so the
> >list looks as follows
> >
> >    hosts_try_auth = 64.233.183.109:...

> >
> >And this will not match the 209.85.133.111.
>
> Yes. Any idea how to fix this?


Not yet.
Below I'm just writing some thoughts, nothing new.
(I'll stop here, my wife is about giving a birth and I don't want
to miss it :-))

> >And some other hint:
> >--
> >gethostbyname2(af=inet6) returned 3 (NO_RECOVERY)
> >fully qualified name = gmail-smtp.l.google.com
> >gethostbyname2 looked up these IP addresses:
> > name=gmail-smtp.l.google.com address=209.85.133.111
> > name=gmail-smtp.l.google.com address=209.85.133.109
> >--
> >gethostbyname2(af=inet6) returned 3 (NO_RECOVERY)
> >gethostbyname2 looked up these IP addresses:
> > name=gmail-smtp.l.google.com address=64.233.185.111
> > name=gmail-smtp.l.google.com address=64.233.185.109
> >
> >
> >Appearantly during your debug session the addresses changed.
>
> Yes. This happens frequently, according to the bug reporter. So I need
> to build a way to make authentication work even when the smarthost
> address changes during the run time of a delivery process.


Hm. From the Spec(V.4.63, 30.2) I understand: the router passes the the
list of host names and IPs of your smarthost (209.85.133.{111,109}) to
the transport. During connection $host and $host_address contain the
data for the current connection, these values are used for
hosts_try_auth.

"hosts_try_auth" is a host list. After expansion it is:

    hosts_try_auth = smtp.gmail.com


Exim will lookup smtp.gmail.com (and here it gets 64... in your example)
and then compare the result with the host it's connected to.

--
Heiko