[exim] wrong result of dnsdb lookup

Top Page
Delete this message
Reply to this message
Author: Victor Ustugov
Date:  
To: Thomas Stein
Subject: [exim] wrong result of dnsdb lookup
hello

This is a result of dnssb lookup:

# exim -be '${lookup dnsdb{defer_never,txt=20161025._domainkey.gmail.com}}'
k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviPGBk4ZB64UfSqWyAicdR7lodhytae+EYRQVtKDhM+1mXjEqRtP/pDT3sBhazkmA48n2k5NJUyMEoO8nc2r6sUA+/Dom5jRBZp6qDKJOwjJ5R/OpHamlRG+YRJQqR


But it's wrong. This is only a part of TXT record.

The whole value is:

# host -t txt 20161025._domainkey.gmail.com
;; Truncated, retrying in TCP mode.
20161025._domainkey.gmail.com descriptive text "k=rsa\;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviPGBk4ZB64UfSqWyAicdR7lodhytae+EYRQVtKDhM+1mXjEqRtP/pDT3sBhazkmA48n2k5NJUyMEoO8nc2r6sUA+/Dom5jRBZp6qDKJOwjJ5R/OpHamlRG+YRJQqR"
"tqEgSiJWG7h7efGYWmh4URhFM9k9+rmG/CwCgwx7Et+c8OMlngaLl04/bPmfpjdEyLWyNimk761CX6KymzYiRDNz1MOJOJ7OzFaS4PFbVLn0m5mf0HVNtBpPwWuCNvaFVflUYxEyblbB6h/oWOPGbzoSgtRA47SHV53SwZjIsVpbq4LxUW9IxAEwYzGcSgZ4n5Q8X8TndowsDUzoccPFGhdwIDAQAB"


So, if TXT record is splitted to some parts we can get only the first one.


Other examples:

# exim -be '${lookup dnsdb{defer_never,txt=d201702._domainkey.exim.org}}'
v=DKIM1; k=rsa;
p=MIG7MA0GCSqGSIb3DQEBAQUAA4GpADCBpQKBnQDKdPaDIXAcfltuNSAAHepxoQ2p6GUp1afnM7TWV2UCvDECnfebhi/QcLh7WYa5rt0wuKoTvNjyUI22oFoTe4MQJVELF7g33bnANG7eTIlQpjAUoo23Wga5bTvodw+cZin/0YK8Cbs0jkLcUpHzp12O6cYkl00H0YRg3E73LE9lEtJevYlNQ1T9i0rnXKqpnUb

# host -t txt d201702._domainkey.exim.org
d201702._domainkey.exim.org descriptive text "v=DKIM1\; k=rsa\;
p=MIG7MA0GCSqGSIb3DQEBAQUAA4GpADCBpQKBnQDKdPaDIXAcfltuNSAAHepxoQ2p6GUp1afnM7TWV2UCvDECnfebhi/QcLh7WYa5rt0wuKoTvNjyUI22oFoTe4MQJVELF7g33bnANG7eTIlQpjAUoo23Wga5bTvodw+cZin/0YK8Cbs0jkLcUpHzp12O6cYkl00H0YRg3E73LE9lEtJevYlNQ1T9i0rnXKqpnUb"
"U3CQJ/cMWGETQgwMCAwEAAQ=="


# exim -be '${lookup dnsdb{defer_never,txt=sndxprt.net}}'
v=spf1 a:smtp.sndxprt.net ~all
mailru-verification:

# host -t txt sndxprt.net
sndxprt.net descriptive text "v=spf1 a:smtp.sndxprt.net ~all"
sndxprt.net descriptive text "mailru-verification:" "99e86daee4224493"


The last example is simpler. It shows that second part of record
"99e86daee4224493" doesn't exist in the result of dnsdb lookup.


It's quite important for me to detect sender domanins with incomplete
mailru-verification record (for example: royal-serv.ru, vivaaudio.ru,
stelsforum.ru and so on). But I can't use dnsdb lookup to detect such
domains because domain sndxprt.net and other domains with stlitted TXT
records look like the desired domains.

As I understand this behaviour of dnsdb is buggy.

-- 
Best wishes Victor Ustugov  mailto:victor@corvax.kiev.ua
public GnuPG/PGP key:       https://victor.corvax.kiev.ua/corvax.asc
Skype ID: corvax_nb         JID: corvax_at_nb@???