[exim] Problems arroung qualify_singe after exim 4.52 (and s…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Robert Bannocks
Date:  
À: exim-users
Sujet: [exim] Problems arroung qualify_singe after exim 4.52 (and so with 4.66)
I have encountered a problem in upgrading exim to 4.66.
I have chased this back to a change that was made in 4.53 and this look
like a bug to me.

In summary e-mail addresses in which the hostname was not fully
qualified are
no longer accepted at SMTP time, however, exim -bv says that the address
is valid.
This appears to be a bug with qualify_single. Which is not set in my
configure
file and so should default to true.

Symptoms:

Using exim 4.66 I can route locally machines with short form names, e.g.

bash-2.05# exim -bV
Exim version 4.66 #1 built 23-Jan-2007 15:31:59
Copyright (c) University of Cambridge 2006
Probably ndbm
Support for: iconv() Content_Scanning Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch dbm dbmnz dnsdb ldap
ldapdn ldapm
Authenticators:
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile autoreply pipe smtp
Fixed never_users: 0
Size of off_t: 4
Configuration file is /usr/local/exim/configure
bash-2.05# exim -bv root@somehost
root@somehost verified

However when I address a messages like this the SMTP dialogue is:

bash-2.05# telnet mailserver smtp
Trying 157.140.2.2...
Connected to jess.
Escape character is '^]'.
220 jess.nhm.ac.uk ESMTP Exim 4.66 Thu, 01 Feb 2007 18:03:27 +0000
ehlo somehost.nhm.ac.uk
250-jess.nhm.ac.uk Hello mailserver.nhm.ac.uk [157.140.2.2]
250-SIZE 20971520
250-PIPELINING
250 HELP
mail from:<Root@somehost>
250 OK
rcpt to:<A.local-user@nhm>
550-Verification failed for <Root@somehost>
550-Unrouteable address
550 Sender verify failed

Running a debug on port 26 with the same SMTP session as above produces
the following out put:
;; res_nquerydomain(153.15.140.157.in-addr.arpa, <Nil>, 1, 12)
;; res_query(153.15.140.157.in-addr.arpa, 1, 12)
;; res_nmkquery(QUERY, 153.15.140.157.in-addr.arpa, IN, PTR)
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61985
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;;      153.15.140.157.in-addr.arpa, type = PTR, class = IN
;; Querying server (# 1) address = 157.140.2.2
;; new DG socket
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61985
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4
;;      153.15.140.157.in-addr.arpa, type = PTR, class = IN
153.15.140.157.in-addr.arpa.  1D IN PTR  somehost.nhm.ac.uk.
140.157.in-addr.arpa.   1D IN NS        dns.nhm.ac.uk.
140.157.in-addr.arpa.   1D IN NS        ns1.ja.net.
140.157.in-addr.arpa.   1D IN NS        mailserver.nhm.ac.uk.
dns.nhm.ac.uk.          1D IN A         157.140.2.4
ns1.ja.net.             20m59s IN A     194.81.227.226
ns1.ja.net.             21m2s IN AAAA   2001:630:0:44::e2
mailserver.nhm.ac.uk.   1D IN A         157.140.2.2
;; res_nquerydomain(somehost, <Nil>, 1, 15)
;; res_query(somehost, 1, 15)
;; res_nmkquery(QUERY, somehost, IN, MX)
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61986
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;;      somehost, type = MX, class = IN
;; Querying server (# 1) address = 157.140.2.2
;; new DG socket
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61986
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;;      somehost, type = MX, class = IN
.                       2h49m37s IN SOA  A.ROOT-SERVERS.NET.
NSTLD.VERISIGN-GRS.COM. (
                                        2007020100      ; serial
                                        30M             ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum


;; rcode = 3, ancount=0

And the stderror ends:

18:07:41 28510 --------> dnslookup router <--------
18:07:41 28510 local_part=root domain=somehost
18:07:41 28510 checking domains
18:07:41 28510 somehost in "nhm.ac.uk : mailserver.nhm.ac.uk :
nhm.nhm.ac.uk : ftp.nhm.ac.uk : jess.nhm.ac.uk : pat.nhm.ac.uk :
mailman.nhm.ac.uk : nature.
ac.uk"? no (end of list)
18:07:41 28510 somehost in "! +local_domains"? yes (end of list)
18:07:41 28510 calling dnslookup router
18:07:41 28510 dnslookup router called for root@somehost
18:07:41 28510 domain = somehost
18:07:41 28510 DNS lookup of somehost (MX) gave HOST_NOT_FOUND
18:07:41 28510 returning DNS_NOMATCH
18:07:41 28510 dnslookup router declined for root@somehost
18:07:41 28510 "more" is false: skipping remaining routers
18:07:41 28510 no more routers
18:07:41 28510 ----------- end verify ------------
18:07:41 28510 require: condition test failed
18:07:41 28510 LOG: MAIN REJECT
18:07:41 28510 H=somehost.nhm.ac.uk (somehost) [157.140.15.153] sender
verify fail for <root@somehost>: Unrouteable address
18:07:41 28510 SMTP>> 550-Verification failed for <root@somehost>
18:07:41 28510 SMTP>> 550-Unrouteable address
18:07:41 28510 SMTP>> 550 Sender verify failed
18:07:41 28510 LOG: MAIN REJECT
18:07:41 28510 H=somehost.nhm.ac.uk (somehost) [157.140.15.153]
F=<root@somehost> rejected RCPT <a.local-user@nhm>: Sender verify failed
18:07:46 28510 SMTP<< quit
18:07:46 28510 SMTP>> 221 jess.nhm.ac.uk closing connection
18:07:46 28510 LOG: smtp_connection MAIN
18:07:46 28510 SMTP connection from somehost.nhm.ac.uk (somehost)
[157.140.15.153] closed by QUIT
18:07:46 28510 search_tidyup called
18:07:46 28502 child 28510 ended: status=0x0
18:07:46 28502 0 SMTP accept processes now running
18:07:46 28502 Listening...

Now repeating the same with exim 4.52 (running on port 26) exim accepts
the message (I am using the same configuration file)

/usr/local/opt/exim/exim-4.52/bin/exim -bd -oX 26 -d+all 2>/tmp/debug453
;; res_nquerydomain(153.15.140.157.in-addr.arpa, <Nil>, 1, 12)
;; res_query(153.15.140.157.in-addr.arpa, 1, 12)
;; res_nmkquery(QUERY, 153.15.140.157.in-addr.arpa, IN, PTR)
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32536
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;;      153.15.140.157.in-addr.arpa, type = PTR, class = IN
;; Querying server (# 1) address = 157.140.2.2
;; new DG socket
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32536
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4
;;      153.15.140.157.in-addr.arpa, type = PTR, class = IN
153.15.140.157.in-addr.arpa.  1D IN PTR  somehost.nhm.ac.uk.
140.157.in-addr.arpa.   1D IN NS        dns.nhm.ac.uk.
140.157.in-addr.arpa.   1D IN NS        ns1.ja.net.
140.157.in-addr.arpa.   1D IN NS        mailserver.nhm.ac.uk.
dns.nhm.ac.uk.          1D IN A         157.140.2.4
ns1.ja.net.             14m54s IN A     194.81.227.226
ns1.ja.net.             14m57s IN AAAA  2001:630:0:44::e2
mailserver.nhm.ac.uk.   1D IN A         157.140.2.2
;; res_nquerydomain(somehost, nhm.ac.uk, 1, 15)
;; res_query(somehost.nhm.ac.uk, 1, 15)
;; res_nmkquery(QUERY, somehost.nhm.ac.uk, IN, MX)
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32537
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;;      somehost.nhm.ac.uk, type = MX, class = IN
;; Querying server (# 1) address = 157.140.2.2
;; new DG socket
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32537
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;;      somehost.nhm.ac.uk, type = MX, class = IN
nhm.ac.uk.              1D IN SOA       dns.nhm.ac.uk. root.nhm.ac.uk. (
                                        2007013014      ; serial
                                        1h20m           ; refresh
                                        1H              ; retry
                                        1W              ; expiry
                                        1D )            ; minimum


;; rcode = 0, ancount=0
;; res_nquerydomain(somehost, <Nil>, 1, 15)
;; res_query(somehost, 1, 15)
;; res_nmkquery(QUERY, somehost, IN, MX)
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32538
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;;      somehost, type = MX, class = IN
;; Querying server (# 1) address = 157.140.2.2
;; new DG socket
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32538
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;;      somehost, type = MX, class = IN
.                       2h43m34s IN SOA  A.ROOT-SERVERS.NET.
NSTLD.VERISIGN-GRS.COM. (
                                        2007020100      ; serial
                                        30M             ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum


;; rcode = 3, ancount=0
;; res_nquerydomain(somehost, nhm.ac.uk, 1, 1)
;; res_query(somehost.nhm.ac.uk, 1, 1)
;; res_nmkquery(QUERY, somehost.nhm.ac.uk, IN, A)
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32539
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;;      somehost.nhm.ac.uk, type = A, class = IN
;; Querying server (# 1) address = 157.140.2.2
;; new DG socket
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32539
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4
;;      somehost.nhm.ac.uk, type = A, class = IN
somehost.nhm.ac.uk.   1D IN A         157.140.15.153
nhm.ac.uk.              1D IN NS        dns.nhm.ac.uk.
nhm.ac.uk.              1D IN NS        ns1.ja.net.
nhm.ac.uk.              1D IN NS        mailserver.nhm.ac.uk.
dns.nhm.ac.uk.          1D IN A         157.140.2.4
ns1.ja.net.             14m25s IN A     194.81.227.226
ns1.ja.net.             14m28s IN AAAA  2001:630:0:44::e2
mailserver.nhm.ac.uk.   1D IN A         157.140.2.2
;; res_nquerydomain(somehost.nhm.ac.uk, <Nil>, 1, 15)
;; res_query(somehost.nhm.ac.uk, 1, 15)
;; res_nmkquery(QUERY, somehost.nhm.ac.uk, IN, MX)
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32540
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;;      somehost.nhm.ac.uk, type = MX, class = IN
;; Querying server (# 1) address = 157.140.2.2
;; new DG socket
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32540
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;;      somehost.nhm.ac.uk, type = MX, class = IN
nhm.ac.uk.              1D IN SOA       dns.nhm.ac.uk. root.nhm.ac.uk. (
                                        2007013014      ; serial
                                        1h20m           ; refresh
                                        1H              ; retry
                                        1W              ; expiry
                                        1D )            ; minimum


;; rcode = 0, ancount=0
;; res_nquerydomain(somehost.nhm.ac.uk, <Nil>, 1, 1)
;; res_query(somehost.nhm.ac.uk, 1, 1)
;; res_nmkquery(QUERY, somehost.nhm.ac.uk, IN, A)
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32541
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;;      somehost.nhm.ac.uk, type = A, class = IN
;; Querying server (# 1) address = 157.140.2.2
;; new DG socket
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32541
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4
;;      somehost.nhm.ac.uk, type = A, class = IN
somehost.nhm.ac.uk.   1D IN A         157.140.15.153
nhm.ac.uk.              1D IN NS        dns.nhm.ac.uk.
nhm.ac.uk.              1D IN NS        ns1.ja.net.
nhm.ac.uk.              1D IN NS        mailserver.nhm.ac.uk.
dns.nhm.ac.uk.          1D IN A         157.140.2.4
ns1.ja.net.             14m25s IN A     194.81.227.226
ns1.ja.net.             14m28s IN AAAA  2001:630:0:44::e2
mailserver.nhm.ac.uk.   1D IN A         157.140.2.2


and the end of the debug output (the relevant section) is:

18:13:44 156 --------> dnslookup router <--------
18:13:44 156 local_part=root domain=somehost.nhm.ac.uk
18:13:44 156 checking domains
18:13:44 156 somehost.nhm.ac.uk in "nhm.ac.uk : mailserver.nhm.ac.uk :
nhm.nhm.ac.uk : ftp.nhm.ac.uk : jess.nhm.ac.uk : pat.nhm.ac.uk :
mailman.nhm.ac.uk
: nature.ac.uk"? no (end of list)
18:13:44 156 somehost.nhm.ac.uk in "! +local_domains"? yes (end of
list)
18:13:44 156 calling dnslookup router
18:13:44 156 dnslookup router called for root@???
18:13:44 156 domain = somehost.nhm.ac.uk
18:13:44 156 DNS lookup of somehost.nhm.ac.uk (MX) gave NO_DATA
18:13:44 156 returning DNS_NODATA
18:13:44 156 DNS lookup of somehost.nhm.ac.uk (A) succeeded
18:13:44 156 157.140.15.153 in "0.0.0.0 : 127.0.0.0/8"? no (end of
list)
18:13:44 156 fully qualified name = somehost.nhm.ac.uk
18:13:44 156 somehost.nhm.ac.uk 157.140.15.153 mx=-1 sort=-397
18:13:44 156 set transport remote_smtp
18:13:44 156 queued for remote_smtp transport: local_part = root
18:13:44 156 domain = somehost.nhm.ac.uk
18:13:44 156 errors_to=NULL
18:13:44 156 domain_data=NULL localpart_data=NULL
18:13:44 156 routed by dnslookup router
18:13:44 156 envelope to: root@???
18:13:44 156 transport: remote_smtp
18:13:44 156 host somehost.nhm.ac.uk [157.140.15.153]
18:13:44 156 ----------- end verify ------------
18:13:44 156 sender root@somehost verified ok as
root@???
18:13:44 156 require: condition test succeeded
18:13:44 156 processing "accept"
18:13:44 156 check domains = +local_domains
18:13:44 156 nhm in "nhm.ac.uk : mailserver.nhm.ac.uk : nhm.nhm.ac.uk
: ftp.nhm.ac.uk : jess.nhm.ac.uk : pat.nhm.ac.uk : mailman.nhm.ac.uk :
nature.ac.uk"?
no (end of list)
18:13:44 156 nhm in "+local_domains"? no (end of list)
18:13:44 156 accept: condition test failed
18:13:44 156 processing "accept"
18:13:44 156 check domains = +relay_to_domains
18:13:44 156 nhm in "*.nhm.ac.uk : nature.ac.uk"? no (end of list)
18:13:44 156 nhm in "+relay_to_domains"? no (end of list)
18:13:44 156 accept: condition test failed
18:13:44 156 processing "accept"
18:13:44 156 check hosts = +relay_from_hosts
18:13:44 156 cached yes match for +relay_from_hosts
18:13:44 156 cached lookup data = NULL
18:13:44 156 host in "+relay_from_hosts"? yes (matched
"+relay_from_hosts" - cached)
18:13:44 156 accept: condition test succeeded
18:13:44 156 SMTP>> 250 Accepted
18:13:49 156 SMTP<< quit
18:13:49 156 SMTP>> 221 jess.nhm.ac.uk closing connection
18:13:49 156 LOG: smtp_connection MAIN
18:13:49 156 SMTP connection from somehost.nhm.ac.uk (somehost)
[157.140.15.153] closed by QUIT
18:13:49 156 search_tidyup called
18:13:49 137 child 156 ended: status=0x0
18:13:49 137 0 SMTP accept processes now running
18:13:49 137 Listening...

So the message is accepted. The dnslookup router is as follows:

dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more

the appropriate section of the acl is:


  accept  domains       = +local_domains
          endpass
          message       = unknown user
          verify        = recipient


# Accept if the address is in a domain for which we are relaying, but
again,
# only if the recipient can be verified.

  accept  domains       = +relay_to_domains
          endpass
          message       = unrouteable address
          verify        = recipient


just for completeness:
bash-2.05# /usr/local/opt/exim/exim-4.52/bin/exim -bv root@somehost
root@somehost verified

somehost is a valid localhost in the dns. (I have changed the name for
the mailing list)

The same behaviour seen with 4.66 is seen if I use 4.53. So it seems
that there is some
bug in the code that affect qualify_single when run as a daemon but not
when testing on
the command line.

So the question is this a known bug (the only references my searching
threw up relate to
4.30 and were from several years ago) can it be fixed.

Any help appreciated

Kiitos

RB