[exim-dev] [Bug 1885] Mail heisenbounces. Probable cause: IP…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: admin
Datum:  
To: exim-dev
Betreff: [exim-dev] [Bug 1885] Mail heisenbounces. Probable cause: IPv6 and/or lack of encryption.
https://bugs.exim.org/show_bug.cgi?id=1885

--- Comment #20 from Thaddeus H. Black <thb@???> ---
And now I see that this issue is mentioned in a Debian man page,
exim4-config_files(5). Apparently, it is a real, longstanding problem without
a known solution. The relevant excerpt from the man page follows.

/etc/exim4/passwd.client

contains account and password data for SMTP authentication when exim is
authenticating as a client to some remote server.

The file should contain lines of the form

target.mail.server.example:login-user-name:password

which will cause exim to use login-user-name and password when sending messages
to a server with the canonical host name target.mail.server.example. Please
note that this does not configure the mail server to send to (this is
determined in Debconf), but only creates the correlation between host name and
authentication credentials to avoid exposing passwords to the wrong host.

Please note that target.mail.server.example is currently the value that exim
can read from reverse DNS: It first follows the host name of the target system
until it finds an IP address, and then looks up the reverse DNS for that IP
address to use the outcome of this query (or the IP address itself should the
query fail) as index into /etc/exim4/passwd.client.

This goes inevitably wrong if the host name of the mail server is a CNAME (a
DNS alias), or the reverse lookup does not fit the forward one.

Currently, you need to manually lookup all reverse DNS names for all IP
addresses that your SMTP server host name points to, for example by using the
host command. If the SMTP smarthost alias expands to multiple IPs, you need to
have multiple lines for all the hosts. When your ISP changes the alias, you
will need to manually fix that.

You may minimize this trouble by using a wild card entry or regular
expressions, thus reducing the risk of divulging the password to the wrong SMTP
server while reducing the number of necessary lines. For a deeper discussion,
see the Debian BTS #244724.

--
You are receiving this mail because:
You are on the CC list for the bug.