W B Hacker wrote:
> W B Hacker wrote:
>> Dean Brooks wrote:
>>> On Sun, May 10, 2009 at 02:37:20AM +0800, W B Hacker wrote:
>>>> Brian Blood wrote:
>>>> I get the impression those participating in the thread are not aware
>>>> that the Exim reverse_host_lookup has sufficiently thorough logic to
>>>> discriminate between 'good enough' and 'NFW' returns.
>>> Neither reverse_host_lookup nor the $host_lookup_failed variables are
>>> acceptable for testing explicitly for the existence of PTR records.
>>> Both will fail if the forward lookup fails.
>>>
>>> Also, those mechanisms do not give enough granularity over DNS
>>> timeouts on *just* the PTR lookup itself. The $host_lookup_deferred
>>> will be set if either the PTR or the forward lookup times out, which
>>> compounds the problem further.
>>>
>>> I am unaware of any other way to do this without using dnsdb.
>>>
>>> --
>>> Dean Brooks
>>> dean@???
>>>
>> I believe your last statement.
>>
>> That doesn't flag it immutable.
>>
>>
>> What do you suppose this does?
>>
>>
>> # C_1 PTR RR Test
>> #
>> warn
>>   condition   = ${if eq{$sender_host_name}{}{yes}{no}}
>>   log_message = C_1 Null return for PTR RR search. KMELHEA
>>
>> The real 'experts' here can probably do that in 1/10 the byte-count...
>>
>> Bill
>>
>
> .. or at least fix it 'coz it was the wrong one..
>
> ;-)
>
> THIS is what works:
>
> # CONNECT_3A BFBI test for outright absence of a PTR RR
> #
> deny
>   logwrite    = C3A Checking for basic presence of PTR RR
>   condition   = ${if eq{$interface_port}{25}}
>   !hosts      = : +relay_from_hosts
>   condition   = ${if and{{def:sender_host_address} \
>                          {!def:sender_host_name}}{yes}{no}}
>   log_message = C3A No PTR RR found for $sender_host_address
>
>
> NB: key conditional shamelessly stolen from a post by Marc Sherman 3+
> years ago:
>
> http://www.mail-archive.com/exim-users@exim.org/msg08258.html
>
> Exemptions for our non-MTA boxen's cron reports and port 587 submission
> inferred.
>
> TESTED today to NOT trigger on 'generic' PTR RR, NOR on 'stale'
> (once-valid, but now 'orphaned') PTR RR's.
>
My bad.
Flawed test, sad to say.
:-(
But the verdamnt information we need is 'inside' there, around line 1730
in ~/src/host.c, where:
(Mind the MUA-munge on indenting and line-wraps)
======
/* If we have failed to find a name, return FAIL and log when required.
NB host_lookup_msg must be in permanent store. */

if (sender_host_name == NULL)
  {
  if (host_checking || !log_testing_mode)
    log_write(L_host_lookup_failed, LOG_MAIN, "no host name found for IP "
      "address %s", sender_host_address);
  host_lookup_msg = US" (failed to find host name from IP address)";
  host_lookup_failed = TRUE;
  return FAIL;
  }
====
All we need to do is differentiate THAT particular 'NULL'
sender_host_name return from the identical content that will be returned
if we DO find a PTR RR but it proves to not match in the rest of that
module.
so...
=====
/* If we have failed to find a name, return FAIL and log when required.
NB host_lookup_msg must be in permanent store. */

if (sender_host_name == NULL)
  {
  if (host_checking || !log_testing_mode)
    log_write(L_host_lookup_failed, LOG_MAIN, "no host name found for IP "
      "address %s", sender_host_address);
  host_lookup_msg = US" (failed to find host name from IP address)";
  host_lookup_failed = TRUE;
  sender_host_name = sender_host_address;
  return FAIL;
  }
====
Inserting one line of code:
sender_host_name = sender_host_address;
... to utilize existing variables might be the mark of a Hacker (hey, it
IS my 'real name')
... but it is 'lighter' than having to build dnsdb just to see if a PTR RR
'exists'.
Recompile, reinstall.
The acl to utilize the above 'forced-bogus' return:
# C3A BFBI missing-PTR reject
#
deny
  condition   = ${if eq{$interface_port}{25}}
  !hosts      = : +relay_from_hosts
  condition   = ${if match{$sender_host_name}\
                        {$sender_host_address}{yes}{no}}
  log_message = C3A cannot find PTR RR for $sender_host_address
=====
..though I *still* prefer reverse_host_lookup for its more intelligent
and comprehensive overall handling...
No patch supplied.
I don't code 'C'.
Bill
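The dnsdb-based check that Dean refers to, written out as an added example. This is not code posted in the thread, nor part of Exim's default configuration or of Bill's patched host.c; it is an unpatched-Exim alternative to the "forced-bogus $sender_host_name" trick. It assumes the stock host list name relay_from_hosts and that acl_smtp_connect points at an ACL named acl_check_connect. The ptr= lookup type and the defer_strict keyword are taken from the Exim specification's dnsdb lookup chapter; the 4xx-on-expansion-failure behaviour is Exim's documented handling of a failed (non-forced) expansion in an ACL condition.

```exim
# Added example (not from the thread). Wire up with:
#   acl_smtp_connect = acl_check_connect
# and define the host list relay_from_hosts as in the stock configuration.
acl_check_connect:

  # Local (non-TCP) callers and our own relaying hosts are exempt.
  accept  hosts = : +relay_from_hosts

  # Only police the MX port; submission (587) clients are frequently on
  # dynamic addresses that carry no PTR at all.
  accept  condition = ${if !eq{$interface_port}{25}}

  # Outright absence of a PTR RR. The dnsdb "ptr=" lookup queries the
  # in-addr.arpa / ip6.arpa record directly and never does the forward
  # (A/AAAA) confirmation, so it cannot be tripped by a PTR that merely
  # fails to match. defer_strict makes a DNS timeout on the PTR query
  # defer the lookup instead of looking like "no record"; a deferred
  # lookup fails the expansion, and a failed expansion in an ACL
  # condition makes Exim return defer (a 4xx), not a 5xx reject.
  deny    condition   = ${lookup dnsdb{defer_strict,ptr=$sender_host_address} \
                                      {no}{yes}}
          log_message = no PTR RR for $sender_host_address
          message     = Reverse DNS (PTR) record required for $sender_host_address

  # PTR present but it does not map back to the client address
  # ("generic" or "stale" records): log it, but do not reject on that alone.
  warn    !verify     = reverse_host_lookup
          log_message = PTR for $sender_host_address does not forward-confirm

  accept
```

Three outcomes are now kept apart in the log: a genuinely PTR-less client is rejected with the "no PTR RR" line, a PTR that exists but does not forward-confirm only produces the warn line, and a PTR query that times out yields a temporary rejection and a retry from a well-behaved sender, which is the granularity reverse_host_lookup on its own does not give.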