Re: [exim-dev] Authenticated_id and redirect condition

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Leszek Dubiel
CC: exim-dev
Subject: Re: [exim-dev] Authenticated_id and redirect condition
On Wed, 11 Apr 2007, Leszek Dubiel wrote:

> > Warning 2: If the unseen option is set on the router, all header
> > additions are deleted when the address is passed on to subsequent
> > routers.


OK, I've now looked at this. It is indeed the warning above that is
causing this effect. What happens is this:

1. Start with a single recipient, nowak.

2. The router checks the authenticated sender, it matches, so the router
runs.

3. A new recipient, kowalski, is generated, with additional headers, but
because of the "unseen", the original recipient, nowak, is passed to
the next router, WITHOUT any added headers (because of "warning 2").
This is ultimately delivered to nowak, so we don't follow it further.

4. The new recipient is re-routed from the start.

5. The router checks the authenticated sender, it matches, so the router
runs because it hasn't previously handled kowalski.

6. A new recipient, kowalski, is generated, with additional headers, but
because of the "unseen", the original recipient, also kowalski, is
passed to the next router, WITHOUT any added headers (because of
"warning 2").

7. The new recipient is re-routed from the start, but Exim notices that
it is a duplicate of another recipient, so it is discarded. This
leaves the recipient without the headers as the one that gets
delivered.

The problem is that you are generating two copies of the same address,
one with added headers and one without. Exim is not clever enough to
notice this. It just discards the second one that it sees.

When you change the router's condition to check local part rather than
the authenticated sender, step 5 no longer runs, because the local part
has changed. Steps 6 and 7 don't happen either, so the version with the
added headers is the one that is delivered.

This is the same when you set repeat_use=false; it stops step 5 from
happening.

You are using Exim 4.50. As it happens, the way Exim handles duplicates
changed at release 4.51. This is the ChangeLog entry:

PH/37 Exim used to check for duplicate addresses in the middle of
      routing, on the grounds that routing the same address twice would
      always produce the same answer. This might have been true once,
      but it is certainly no longer true now. Routing a child address
      may depend on the previous routing that produced that child. Some
      complicated redirection strategies went wrong when messages had
      multiple recipients, and made Exim's behaviour dependent on the
      order in which the addresses were given.


      I have moved the duplicate checking until after the routing is
      complete. Exim scans the addresses that are assigned to local and
      remote transports, and removes any duplicates. This means that
      more work will be done, as duplicates will always all be routed,
      but duplicates are presumably rare, so I don't expect this is of
      any significance.


      For deliveries to pipes, files, and autoreplies, the duplicate
      checking still happens during the routing process, since they are
      not going to be routed further.


You may find the behaviour is different with the current Exim release.
However, the correct configuration is indeed to add repeat_use=false so
that you don't generated two identical recipients with different header
modifications.

Philip

--
Philip Hazel, University of Cambridge Computing Service.