Re: [exim] Urouteable address when send from remote host

Góra strony
Delete this message
Reply to this message
Autor: Frodo Larik
Data:  
Dla: Todd Lyons
CC: exim-users
Temat: Re: [exim] Urouteable address when send from remote host
Hi,

I think the output show’s what I’m suspecting, it has something to do with local_domains and the routing of it, but I don’t know how to solve it, I’m probably missing some crucial info on the inner workings of Exim (I’m new to Exim, I normally run postfix, but sofar I like what I see, despite the problems ;-)).

> exim -bh ip.of.remote.server


I’ve run this command twice, once with the domain in local_domains+relay_domains, the second time with the domain only in relay_domains

The following data is used:
- exim.conf from the last mail
- remote server: mail.somedomain.com [x.x.x.x]
- remote e-mail: user@???
- local user: my.user@???:
- local server mail.example.com

local_domains+relay_domains:

# exim -bh x.x.x.x

**** SMTP testing session as if from host x.x.x.x
**** but without any ident (RFC 1413) callback.
**** This is not for real!

>>> host in hosts_connection_nolog? no (option unset)
>>> host in host_lookup? yes (matched "*")
>>> looking up host name for x.x.x.x
>>> IP address lookup yielded mail.somedomain.com
>>> gethostbyname2 looked up these IP addresses:
>>> name=mail.somedomain.com address=x.x.x.x
>>> checking addresses for mail.somedomain.com
>>> x.x.x.x OK
>>> host in host_reject_connection? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
>>> host in recipient_unqualified_hosts? no (option unset)
>>> host in helo_verify_hosts? no (option unset)
>>> host in helo_try_verify_hosts? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)

220 mail.example.com ESMTP Exim 4.82 Fri, 25 Apr 2014 09:19:47 +0200
EHLO mail.somedomain.com
>>> host in pipelining_advertise_hosts? yes (matched "*")
>>> host in auth_advertise_hosts? yes (matched "*")
>>> host in tls_advertise_hosts? yes (matched "*")

250-mail.example.com Hello mail.somedomain.com [x.x.x.x]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
mail from:user@???
250 OK
rcpt to:my.user@???
>>> using ACL "check_recipient"
>>> processing "deny"
>>> check domains = +local_domains
>>> example.com in "lsearch;/etc/virtual/domains"? yes (matched "lsearch;/etc/virtual/domains")
>>> example.com in "+local_domains"? yes (matched "+local_domains")
>>> check local_parts = ^[.] : ^.*[@%!/|]
>>> my.user in "^[.] : ^.*[@%!/|]"? no (end of list)
>>> deny: condition test failed in ACL "check_recipient"
>>> processing "accept"
>>> check hosts = +auth_relay_hosts
>>> host in "*"? yes (matched "*")
>>> host in "+auth_relay_hosts"? yes (matched "+auth_relay_hosts")
>>> check condition = ${if eq {$interface_port}{587} {yes}{no}}
>>>                 = no
>>> accept: condition test failed in ACL "check_recipient"
>>> processing "deny"
>>> check domains = !+local_domains
>>> example.com in "!+local_domains"? no (matched "!+local_domains" - cached)
>>> deny: condition test failed in ACL "check_recipient"
>>> processing "accept"
>>> check hosts = :
>>> host in ":"? no (end of list)
>>> accept: condition test failed in ACL "check_recipient"
>>> processing "accept"
>>> check sender_domains = +whitelist_domains
>>> somedomain.com in "lsearch;/etc/virtual/whitelist_domains"? no (end of list)
>>> somedomain.com in "+whitelist_domains"? no (end of list)
>>> accept: condition test failed in ACL "check_recipient"
>>> processing "accept"
>>> check hosts = +whitelist_hosts
>>> host in "lsearch;/etc/virtual/whitelist_hosts"? no (end of list)
>>> host in "+whitelist_hosts"? no (end of list)
>>> accept: condition test failed in ACL "check_recipient"
>>> processing "accept"
>>> check hosts = +whitelist_hosts_ip
>>> host in "net-lsearch;/etc/virtual/whitelist_hosts"? no (end of list)
>>> host in "+whitelist_hosts_ip"? no (end of list)
>>> accept: condition test failed in ACL "check_recipient"
>>> processing "accept"
>>> check senders = +whitelist_senders
>>> user@??? in "lsearch;/etc/virtual/whitelist_senders"? no (end of list)
>>> user@??? in "+whitelist_senders"? no (end of list)
>>> accept: condition test failed in ACL "check_recipient"
>>> processing "accept"
>>> check local_parts = postmaster
>>> my.user in "postmaster"? no (end of list)
>>> accept: condition test failed in ACL "check_recipient"
>>> processing "accept"
>>> check local_parts = abuse
>>> my.user in "abuse"? no (end of list)
>>> accept: condition test failed in ACL "check_recipient"
>>> processing "accept"
>>> check local_parts = hostmaster
>>> my.user in "hostmaster"? no (end of list)
>>> accept: condition test failed in ACL "check_recipient"
>>> processing "deny"
>>> check domains = +use_rbl_domains
>>> example.com in "lsearch;/etc/virtual/use_rbl_domains"? yes (matched "lsearch;/etc/virtual/use_rbl_domains")
>>> example.com in "+use_rbl_domains"? yes (matched "+use_rbl_domains")
>>> check sender_domains = +blacklist_domains
>>> somedomain.com in "lsearch;/etc/virtual/blacklist_domains"? no (end of list)
>>> somedomain.com in "+blacklist_domains"? no (end of list)
>>> deny: condition test failed in ACL "check_recipient"
>>> processing "deny"
>>> check domains = +use_rbl_domains
>>> example.com in "+use_rbl_domains"? yes (matched "+use_rbl_domains" - cached)
>>> check hosts = +bad_sender_hosts
>>> host in "lsearch;/etc/virtual/bad_sender_hosts"? no (end of list)
>>> host in "+bad_sender_hosts"? no (end of list)
>>> deny: condition test failed in ACL "check_recipient"
>>> processing "deny"
>>> check domains = +use_rbl_domains
>>> example.com in "+use_rbl_domains"? yes (matched "+use_rbl_domains" - cached)
>>> check hosts = +bad_sender_hosts_ip
>>> host in "net-lsearch;/etc/virtual/bad_sender_hosts"? no (end of list)
>>> host in "+bad_sender_hosts_ip"? no (end of list)
>>> deny: condition test failed in ACL "check_recipient"
>>> processing "deny"
>>> check domains = use_rbl_domains
>>> example.com in "use_rbl_domains"? no (end of list)
>>> deny: condition test failed in ACL "check_recipient"
>>> processing "deny"
>>> check senders = +blacklist_senders
>>> user@??? in "lsearch;/etc/virtual/blacklist_senders"? no (end of list)
>>> user@??? in "+blacklist_senders"? no (end of list)
>>> deny: condition test failed in ACL "check_recipient"
>>> processing "deny"
>>> check hosts = !+relay_hosts
>>> host in "net-lsearch;/etc/virtual/pophosts"? no (end of list)
>>> host in "!+relay_hosts"? yes (end of list)
>>> check domains = +use_rbl_domains
>>> example.com in "+use_rbl_domains"? yes (matched "+use_rbl_domains" - cached)
>>> check !authenticated = *
>>> check dnslists = zen.spamhaus.org
>>> DNS list check: zen.spamhaus.org
>>> new DNS lookup for 161.147.79.178.zen.spamhaus.org
>>> DNS lookup for 161.147.79.178.zen.spamhaus.org failed
>>> => that means x.x.x.x is not listed at zen.spamhaus.org
>>> deny: condition test failed in ACL "check_recipient"
>>> processing "accept"
>>> check domains = +local_domains
>>> example.com in "+local_domains"? yes (matched "+local_domains" - cached)
>>> check verify = recipient

>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> routing my.user@???
>>> example.com in "! +local_domains"? no (matched "! +local_domains" - cached)
>>> example.com in "lsearch;/etc/virtual/domainowners"? no (end of list)
>>> example.com in "lsearch;/etc/virtual/domainowners"? no (end of list)
>>> calling virtual_aliases_nostar router
>>> virtual_aliases_nostar router declined for my.user@???
>>> example.com in "lsearch;/etc/virtual/domainowners"? no (end of list)
>>> calling virtual_aliases router
>>> virtual_aliases router declined for my.user@???
>>> calling drop_solo_alias router
>>> drop_solo_alias router declined for my.user@???
>>> calling system_aliases router
>>> system_aliases router declined for my.user@???
>>> no more routers
>>> ----------- end verify ------------
>>> accept: condition test failed in ACL "check_recipient"
>>> accept: endpass encountered - denying access

550 "Unknown User"
LOG: H=mail.somedomain.com [x.x.x.x] F=<user@???> rejected RCPT my.user@???: Unrouteable address
quit
LOG: H=mail.somedomain.com [x.x.x.x] incomplete transaction (QUIT) from <user@???>
221 mail.example.com closing connection

only relay_domains:

# exim -bh x.x.x.x

**** SMTP testing session as if from host x.x.x.x
**** but without any ident (RFC 1413) callback.
**** This is not for real!

>>> host in hosts_connection_nolog? no (option unset)
>>> host in host_lookup? yes (matched "*")
>>> looking up host name for x.x.x.x
>>> IP address lookup yielded mail.somedomain.com
>>> gethostbyname2 looked up these IP addresses:
>>> name=mail.somedomain.com address=x.x.x.x
>>> checking addresses for mail.somedomain.com
>>> x.x.x.x OK
>>> host in host_reject_connection? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
>>> host in recipient_unqualified_hosts? no (option unset)
>>> host in helo_verify_hosts? no (option unset)
>>> host in helo_try_verify_hosts? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)

220 mail.example.com ESMTP Exim 4.82 Fri, 25 Apr 2014 10:07:30 +0200
ehlo mail.somedomain.com
>>> host in pipelining_advertise_hosts? yes (matched "*")
>>> host in auth_advertise_hosts? yes (matched "*")
>>> host in tls_advertise_hosts? yes (matched "*")

250-mail.example.com Hello mail.somedomain.com [x.x.x.x]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
mail from:user@???
250 OK
rcpt to:my.user@???
>>> using ACL "check_recipient"
>>> processing "deny"
>>> check domains = +local_domains
>>> example.com in "lsearch;/etc/virtual/domains"? no (end of list)
>>> example.com in "+local_domains"? no (end of list)
>>> deny: condition test failed in ACL "check_recipient"
>>> processing "accept"
>>> check hosts = +auth_relay_hosts
>>> host in "*"? yes (matched "*")
>>> host in "+auth_relay_hosts"? yes (matched "+auth_relay_hosts")
>>> check condition = ${if eq {$interface_port}{587} {yes}{no}}
>>>                 = no
>>> accept: condition test failed in ACL "check_recipient"
>>> processing "deny"
>>> check domains = !+local_domains
>>> example.com in "!+local_domains"? yes (end of list)
>>> check local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
>>> my.user in "^[./|] : ^.*[@%!] : ^.*/\.\./"? no (end of list)
>>> deny: condition test failed in ACL "check_recipient"
>>> processing "accept"
>>> check hosts = :
>>> host in ":"? no (end of list)
>>> accept: condition test failed in ACL "check_recipient"
>>> processing "accept"
>>> check sender_domains = +whitelist_domains
>>> somedomain.com in "lsearch;/etc/virtual/whitelist_domains"? no (end of list)
>>> somedomain.com in "+whitelist_domains"? no (end of list)
>>> accept: condition test failed in ACL "check_recipient"
>>> processing "accept"
>>> check hosts = +whitelist_hosts
>>> host in "lsearch;/etc/virtual/whitelist_hosts"? no (end of list)
>>> host in "+whitelist_hosts"? no (end of list)
>>> accept: condition test failed in ACL "check_recipient"
>>> processing "accept"
>>> check hosts = +whitelist_hosts_ip
>>> host in "net-lsearch;/etc/virtual/whitelist_hosts"? no (end of list)
>>> host in "+whitelist_hosts_ip"? no (end of list)
>>> accept: condition test failed in ACL "check_recipient"
>>> processing "accept"
>>> check senders = +whitelist_senders
>>> user@??? in "lsearch;/etc/virtual/whitelist_senders"? no (end of list)
>>> user@??? in "+whitelist_senders"? no (end of list)
>>> accept: condition test failed in ACL "check_recipient"
>>> processing "accept"
>>> check local_parts = postmaster
>>> my.user in "postmaster"? no (end of list)
>>> accept: condition test failed in ACL "check_recipient"
>>> processing "accept"
>>> check local_parts = abuse
>>> my.user in "abuse"? no (end of list)
>>> accept: condition test failed in ACL "check_recipient"
>>> processing "accept"
>>> check local_parts = hostmaster
>>> my.user in "hostmaster"? no (end of list)
>>> accept: condition test failed in ACL "check_recipient"
>>> processing "deny"
>>> check domains = +use_rbl_domains
>>> example.com in "lsearch;/etc/virtual/use_rbl_domains"? no (end of list)
>>> example.com in "+use_rbl_domains"? no (end of list)
>>> deny: condition test failed in ACL "check_recipient"
>>> processing "deny"
>>> check domains = +use_rbl_domains
>>> example.com in "+use_rbl_domains"? no (end of list)
>>> deny: condition test failed in ACL "check_recipient"
>>> processing "deny"
>>> check domains = +use_rbl_domains
>>> example.com in "+use_rbl_domains"? no (end of list)
>>> deny: condition test failed in ACL "check_recipient"
>>> processing "deny"
>>> check domains = use_rbl_domains
>>> example.com in "use_rbl_domains"? no (end of list)
>>> deny: condition test failed in ACL "check_recipient"
>>> processing "deny"
>>> check senders = +blacklist_senders
>>> user@??? in "lsearch;/etc/virtual/blacklist_senders"? no (end of list)
>>> user@??? in "+blacklist_senders"? no (end of list)
>>> deny: condition test failed in ACL "check_recipient"
>>> processing "deny"
>>> check hosts = !+relay_hosts
>>> host in "net-lsearch;/etc/virtual/pophosts"? no (end of list)
>>> host in "!+relay_hosts"? yes (end of list)
>>> check domains = +use_rbl_domains
>>> example.com in "+use_rbl_domains"? no (end of list)
>>> deny: condition test failed in ACL "check_recipient"
>>> processing "accept"
>>> check domains = +local_domains
>>> example.com in "+local_domains"? no (end of list)
>>> accept: condition test failed in ACL "check_recipient"
>>> processing "accept"
>>> check domains = +relay_domains
>>> example.com in "lsearch;/etc/virtual/relay_domains : localhost"? yes (matched "lsearch;/etc/virtual/relay_domains")
>>> example.com in "+relay_domains"? yes (matched "+relay_domains")
>>> check verify = recipient

>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> routing my.user@???
>>> example.com in "! +local_domains"? yes (end of list)
>>> calling lookuphost router
>>> 37.34.49.253 in "127.0.0.0/8"? no (end of list)
>>> local host has lowest MX

LOG: lowest numbered MX record points to local host: example.com (while verifying <my.user@???> from host mail.somedomain.com [x.x.x.x])
>>> lookuphost router: defer for my.user@???
>>> message: lowest numbered MX record points to local host
>>> ----------- end verify ------------
>>> accept: condition test deferred in ACL "check_recipient"

451 Temporary local problem - please try later
LOG: H=mail.somedomain.com [x.x.x.x] F=<user@???> temporarily rejected RCPT my.user@???: lowest numbered MX record points to local host

Regards,

Frodo