[exim-cvs] Support /defer_ok on verify=reverse_host_lookup. …

Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] Support /defer_ok on verify=reverse_host_lookup. Bug 344
Gitweb: http://git.exim.org/exim.git/commitdiff/7e8360e68b5372e91cc02d0450807a52f32d20da
Commit:     7e8360e68b5372e91cc02d0450807a52f32d20da
Parent:     6ebd79ec02c66e273975e48b481714768080790b
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Sat Jan 24 18:48:48 2015 +0000
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Sat Jan 24 18:48:48 2015 +0000


    Support /defer_ok on verify=reverse_host_lookup.  Bug 344
---
 doc/doc-docbook/spec.xfpt    |    5 ++++-
 doc/doc-txt/ChangeLog        |    3 +++
 src/src/acl.c                |    8 ++++++--
 test/confs/0023              |    4 ++++
 test/scripts/0000-Basic/0023 |   11 +++++++++++
 test/stderr/0023             |   42 ++++++++++++++++++++++++++++++++++++++++++
 test/stdout/0023             |   18 ++++++++++++++++++
 7 files changed, 88 insertions(+), 3 deletions(-)


diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index d5a16ca..77d966d 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -28824,7 +28824,7 @@ verified is redirected to a single address, verification continues with the new
address, and in that case, the subsequent value of &$address_data$& is the
value for the child address.

-.vitem &*verify&~=&~reverse_host_lookup*&
+.vitem &*verify&~=&~reverse_host_lookup/*&<&'options'&>
.cindex "&%verify%& ACL condition"
.cindex "&ACL;" "verifying host reverse lookup"
.cindex "host" "verifying reverse lookup"
@@ -28835,6 +28835,9 @@ Verification ensures that the host name obtained from a reverse DNS lookup, or
one of its aliases, does, when it is itself looked up in the DNS, yield the
original IP address.

+There is one possible option, &`defer_ok`&. If this is present and a
+DNS operation returns a temporary error, the verify condition succeeds.
+
If this condition is used for a locally generated message (that is, when there
is no client host involved), it always succeeds.

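Review bot: The added paragraph on defer_ok does not say what the option costs. With it set, a client whose reverse DNS cannot be checked because of a temporary error passes the condition exactly as a verified host would, so any ACL that uses this verify as an access gate fails open while DNS is unavailable. Suggest adding a sentence that states this, and one that states what happens without the option (the condition defers), so both behaviours are documented in one place.
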
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 57df782..bfe8725 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -47,6 +47,9 @@ JH/11 The incoming_interface log option now also enables logging of the
 JH/12 The cutthrough-routing facility now supports multi-recipient mails,
       if the interface and destination host and port all match.


+JH/13 Bug 344: The verify = reverse_host_lookup ACL condition now accepts a
+      /defer_ok option.
+



 Exim version 4.85
diff --git a/src/src/acl.c b/src/src/acl.c
index 06c1c49..f0716e0 100644
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -1662,7 +1662,7 @@ typedef struct {
   unsigned alt_opt_sep;        /* >0 Non-/ option separator (custom parser) */
   } verify_type_t;
 static verify_type_t verify_type_list[] = {
-    { US"reverse_host_lookup",    VERIFY_REV_HOST_LKUP,    ~0,    TRUE, 0 },
+    { US"reverse_host_lookup",    VERIFY_REV_HOST_LKUP,    ~0,    FALSE, 0 },
     { US"certificate",          VERIFY_CERT,         ~0,    TRUE, 0 },
     { US"helo",              VERIFY_HELO,         ~0,    TRUE, 0 },
     { US"csa",              VERIFY_CSA,         ~0,    FALSE, 0 },
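Review bot: The TRUE to FALSE flip in the fourth column of the reverse_host_lookup row is not self-explanatory, because the initialisers are positional and the visible part of the struct only documents alt_opt_sep. A short comment on that column, or a note in the commit message that this is the flag which allows options, would help the next reader of verify_type_list.
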
@@ -1783,7 +1783,11 @@ switch(vp->value)
   {
   case VERIFY_REV_HOST_LKUP:
     if (sender_host_address == NULL) return OK;
-    return acl_verify_reverse(user_msgptr, log_msgptr);
+    if ((rc = acl_verify_reverse(user_msgptr, log_msgptr)) == DEFER)
+      while ((ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)))
+    if (strcmpic(ss, US"defer_ok") == 0)
+      return OK;
+    return rc;


   case VERIFY_CERT:
     /* TLS certificate verification is done at STARTTLS time; here we just
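Review bot: In the VERIFY_REV_HOST_LKUP case the option list is only walked when acl_verify_reverse() returns DEFER, and any item other than defer_ok is skipped without comment, so a misspelled option is never diagnosed and simply leaves the condition deferring. Suggest parsing the options before the lookup and returning an error for unrecognised ones. The unbraced if / while / if nesting is also hard to read as laid out, with the inner `if (strcmpic(ss, US"defer_ok") == 0)` at the same indent as the outer if; braces around the while body would make the scope explicit.
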
diff --git a/test/confs/0023 b/test/confs/0023
index 2e5e15c..43f140d 100644
--- a/test/confs/0023
+++ b/test/confs/0023
@@ -98,6 +98,10 @@ acl_9_9_9:
 acl_V4NET_0_0:
   require verify = reverse_host_lookup
   accept
+acl_V4NET_99_99:
+  accept  local_parts = defer_ok
+      verify = reverse_host_lookup/defer_ok
+  accept  verify = reverse_host_lookup


 acl_V4NET_11_12:
   deny    message = host in DNS list $dnslist_domain: $dnslist_text
diff --git a/test/scripts/0000-Basic/0023 b/test/scripts/0000-Basic/0023
index 51e7123..3c028a1 100644
--- a/test/scripts/0000-Basic/0023
+++ b/test/scripts/0000-Basic/0023
@@ -189,6 +189,17 @@ mail from:<>
 rcpt to:<x@y>
 quit
 ****
+# This resolves to a name which will give `try again' when looked up
+exim -bh V4NET.99.99.96
+mail from:<>
+rcpt to:<x@y>
+quit
+****
+exim -bh V4NET.99.99.96
+mail from:<>
+rcpt to:<defer_ok@y>
+quit
+****
 exim -bh 29.29.29.29
 mail from:<a@localhost>
 rcpt to:<x@y>
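Review bot: The two sessions added for V4NET.99.99.96 cover only the temporary-error path, with and without defer_ok. There is no session in which the recipient is defer_ok@y and the reverse lookup fails outright, so nothing checks that /defer_ok still leaves a hard failure rejected. Suggest adding such a case so that a later change cannot widen the option to cover failures unnoticed.
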
diff --git a/test/stderr/0023 b/test/stderr/0023
index 89c1d39..7da3739 100644
--- a/test/stderr/0023
+++ b/test/stderr/0023
@@ -1128,6 +1128,48 @@ LOG: H=[V4NET.0.0.97] F=<> rejected RCPT <x@y>: host lookup failed for reverse l

>>> host in helo_verify_hosts? no (option unset)
>>> host in helo_try_verify_hosts? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)

+>>> using ACL "acl_V4NET_99_99"
+>>> processing "accept"
+>>> check local_parts = defer_ok
+>>> x in "defer_ok"? no (end of list)
+>>> accept: condition test failed in ACL "acl_V4NET_99_99"
+>>> processing "accept"
+>>> check verify = reverse_host_lookup
+>>> looking up host name to force name/address consistency check
+>>> looking up host name for V4NET.99.99.96
+>>> IP address lookup yielded "x.test.again.dns"
+>>> x.test.again.dns in dns_again_means_nonexist? no (option unset)
+>>> temporary error for host name lookup
+>>> accept: condition test deferred in ACL "acl_V4NET_99_99"
+LOG: H=[V4NET.99.99.96] F=<> temporarily rejected RCPT <x@y>: host lookup deferred for reverse lookup check
+>>> host in hosts_connection_nolog? no (option unset)
+>>> host in host_lookup? no (option unset)
+>>> host in host_reject_connection? no (option unset)
+>>> host in sender_unqualified_hosts? no (option unset)
+>>> host in recipient_unqualified_hosts? no (option unset)
+>>> host in helo_verify_hosts? no (option unset)
+>>> host in helo_try_verify_hosts? no (option unset)
+>>> host in helo_accept_junk_hosts? no (option unset)
+>>> using ACL "acl_V4NET_99_99"
+>>> processing "accept"
+>>> check local_parts = defer_ok
+>>> defer_ok in "defer_ok"? yes (matched "defer_ok")
+>>> check verify = reverse_host_lookup/defer_ok
+>>> looking up host name to force name/address consistency check
+>>> looking up host name for V4NET.99.99.96
+>>> IP address lookup yielded "x.test.again.dns"
+>>> x.test.again.dns in dns_again_means_nonexist? no (option unset)
+>>> temporary error for host name lookup
+>>> accept: condition test succeeded in ACL "acl_V4NET_99_99"
+>>> end of ACL "acl_V4NET_99_99": ACCEPT
+>>> host in hosts_connection_nolog? no (option unset)
+>>> host in host_lookup? no (option unset)
+>>> host in host_reject_connection? no (option unset)
+>>> host in sender_unqualified_hosts? no (option unset)
+>>> host in recipient_unqualified_hosts? no (option unset)
+>>> host in helo_verify_hosts? no (option unset)
+>>> host in helo_try_verify_hosts? no (option unset)
+>>> host in helo_accept_junk_hosts? no (option unset)
>>> using ACL "acl_29_29_29"
>>> processing "deny"
>>> check dnslists = test.ex/$sender_address_domain

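Review bot: In the defer_ok run, "temporary error for host name lookup" is followed directly by "accept: condition test succeeded", with nothing recording that the deferral was overridden by the option. This is the point at which an unverified host is let through, so a debug line (or a log entry) noting that defer_ok turned the DEFER into OK would make the decision visible when reading -bh output or investigating accepted mail later.
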
diff --git a/test/stdout/0023 b/test/stdout/0023
index b805f33..a835f2a 100644
--- a/test/stdout/0023
+++ b/test/stdout/0023
@@ -302,6 +302,24 @@
550 Administrative prohibition
221 myhost.test.ex closing connection

+**** SMTP testing session as if from host V4NET.99.99.96
+**** but without any ident (RFC 1413) callback.
+**** This is not for real!
+
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+250 OK
+451 Temporary local problem - please try later
+221 myhost.test.ex closing connection
+
+**** SMTP testing session as if from host V4NET.99.99.96
+**** but without any ident (RFC 1413) callback.
+**** This is not for real!
+
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+250 OK
+250 Accepted
+221 myhost.test.ex closing connection
+
**** SMTP testing session as if from host 29.29.29.29
**** but without any ident (RFC 1413) callback.
**** This is not for real!