[exim-dev] [Bug 2147] New: Random callout check causes actua…

Top Page
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
New-Topics: [exim-dev] [Bug 2147] Random callout check causes actual ACL to defer, [exim-dev] [Bug 2147] Random callout check causes actual ACL to defer, [exim-dev] [Bug 2147] Random callout check causes actual ACL to defer, [exim-dev] [Bug 2147] Random callout check causes actual ACL to defer, [exim-dev] [Bug 2147] Random callout check causes actual ACL to defer, [exim-dev] [Bug 2147] Random callout check causes actual ACL to defer, [exim-dev] [Bug 2147] Random callout check causes actual ACL to defer, [exim-dev] [Bug 2147] Random callout check causes actual ACL to defer, [exim-dev] [Bug 2147] Random callout check causes actual ACL to defer
Subject: [exim-dev] [Bug 2147] New: Random callout check causes actual causes ACL to defer
https://bugs.exim.org/show_bug.cgi?id=2147

            Bug ID: 2147
           Summary: Random callout check causes actual causes ACL to defer
           Product: Exim
           Version: 4.89
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: ACLs
          Assignee: jgh146exb@???
          Reporter: chirila@???
                CC: exim-dev@???


It looks like in exim 4.89 there is a inconsistency in the verification
function.

A successful random=accept callout result is actually causing the verify ACL
command to defer, while if the the random=accept result is in the cache the
verification passes.

Version information:
--------------------

Debian package

========
root@server1:~# exim -bV
Exim version 4.89 #1 built 14-Jun-2017 05:03:07
Copyright (c) University of Cambridge, 1995 - 2017
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2017
Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS
move_frozen_messages Content_Scanning DKIM DNSSEC Event OCSP PRDR PROXY SOCKS
TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz
dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated
========

Exim configuration:
-------------------

In RCPT ACL:

=====
acl_check_rcpt:

  deny
    !verify                = recipient/callout=2m,random


  accept
    set acl_m_verification = success
=====


In router:

=====
begin routers

spamexperts:
debug_print = "R: spamexperts for $local_part@$domain"
driver = manualroute
host_find_failed = ignore
host_all_ignored = freeze
transport = remote_smtp_se
route_list = $domain "<, mail.simplyspamfree.com"
=====

In transport:

=====
begin transports

remote_smtp_se:
debug_print = "T: remote_smtp for $local_part@$domain"
driver = smtp
hosts_verify_avoid_tls = *
=====

Debugging with -bhc option
--------------------------

The debug while the random result is not in the cache:

=====
rcpt to:<test@???>
>>> using ACL "acl_check_rcpt"
>>> processing "deny"
>>> check !verify = recipient/callout=2m,random
>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> routing test@???
>>> R: spamexperts for test@???
>>> calling spamexperts router
>>> catchall.simplyspamfree.com in "catchall.simplyspamfree.com"? yes (matched "catchall.simplyspamfree.com")
>>> routed by spamexperts router
>>> Attempting full verification using callout
>>> callout cache: no domain record found for catchall.simplyspamfree.com
>>> callout cache: no address record found for test@???
>>> interface=NULL port=25
>>> Connecting to mail.simplyspamfree.com [2a01:4f8:161:124b::173]:25 ... 2a01:4f8:161:124b::173 in hosts_try_fastopen? no (option unset)
>>> connected
>>>   SMTP<< 220 mail.simplyspamfree.com ESMTP Exim 4.80 Fri, 14 Jul 2017 10:54:56 +0200
>>> 2a01:4f8:161:124b::173 in hosts_avoid_esmtp? no (option unset)
>>>   SMTP>> EHLO server1.test24.simplyspamfree.com
>>> cmd buf flush 40 bytes
>>>   SMTP<< 250-mail.simplyspamfree.com Hello server1.test24.simplyspamfree.com [2a01:4f8:161:124b::4024]
>>>          250-SIZE 52428800
>>>          250-8BITMIME
>>>          250-PIPELINING
>>>          250 HELP
>>> 2a01:4f8:161:124b::173 in hosts_require_tls? no (option unset)
>>> 2a01:4f8:161:124b::173 in hosts_avoid_pipelining? no (option unset)
>>> 2a01:4f8:161:124b::173 in hosts_require_auth? no (option unset)
>>>   SMTP>> MAIL FROM:<> SIZE=1023
>>>   SMTP>> RCPT TO:<server1.test24.simplyspamfree.com-1500022496-testing@???>
>>> cmd buf flush 116 bytes
>>>   SMTP<< 250 OK
>>>   SMTP<< 250 Accepted
>>>   SMTP>> QUIT
>>> cmd buf flush 6 bytes
>>>   SMTP<< 221 mail.simplyspamfree.com closing connection
>>>   SMTP(close)>>
>>> interface=NULL port=25
>>> Connecting to mail.simplyspamfree.com [5.9.235.173]:25 ... 5.9.235.173 in hosts_try_fastopen? no (option unset)
>>> connected
>>>   SMTP<< 220 mail.simplyspamfree.com ESMTP Exim 4.80 Fri, 14 Jul 2017 10:54:56 +0200
>>> 5.9.235.173 in hosts_avoid_esmtp? no (option unset)
>>>   SMTP>> EHLO server1.test24.simplyspamfree.com
>>> cmd buf flush 40 bytes
>>>   SMTP<< 250-mail.simplyspamfree.com Hello server1.test24.simplyspamfree.com [5.9.235.163]
>>>          250-SIZE 52428800
>>>          250-8BITMIME
>>>          250-PIPELINING
>>>          250 HELP
>>> 5.9.235.173 in hosts_require_tls? no (option unset)
>>> 5.9.235.173 in hosts_avoid_pipelining? no (option unset)
>>> 5.9.235.173 in hosts_require_auth? no (option unset)
>>>   SMTP>> MAIL FROM:<> SIZE=1023
>>>   SMTP>> RCPT TO:<server1.test24.simplyspamfree.com-1500022496-testing@???>
>>> cmd buf flush 116 bytes
>>>   SMTP<< 250 OK
>>>   SMTP<< 250 Accepted
>>>   SMTP>> QUIT
>>> cmd buf flush 6 bytes
>>>   SMTP<< 221 mail.simplyspamfree.com closing connection
>>>   SMTP(close)>>
>>> wrote callout cache domain record for catchall.simplyspamfree.com:
>>>   result=1 postmaster=0 random=1
>>> ----------- end verify ------------
>>> deny: condition test deferred in ACL "acl_check_rcpt"

451 Could not complete recipient verify callout
LOG: H=(server1.test24.simplyspamfree.com) [127.0.0.1] F=<> temporarily
rejected RCPT <test@???>: Could not complete recipient
verify callout
=====

Note that the result was also written into the cache, so at the next attempt
the verification is successful:

=====
RSET
250 Reset OK
MAIL FROM:<>
>>> using ACL "acl_check_mail"
>>> processing "accept"
>>> accept: condition test succeeded in ACL "acl_check_mail"
>>> end of ACL "acl_check_mail": ACCEPT

250 OK
RCPT TO:<test@???>
>>> using ACL "acl_check_rcpt"
>>> processing "deny"
>>> check !verify = recipient/callout=2m,random
>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> routing test@???
>>> R: spamexperts for test@???
>>> calling spamexperts router
>>> catchall.simplyspamfree.com in "catchall.simplyspamfree.com"? yes (matched "catchall.simplyspamfree.com")
>>> routed by spamexperts router
>>> Attempting full verification using callout
>>> callout cache: found domain record for catchall.simplyspamfree.com
>>> callout cache: domain accepts random addresses
>>> ----------- end verify ------------
>>> deny: condition test failed in ACL "acl_check_rcpt"
>>> processing "accept"
>>> check set acl_m_verification = success
>>> accept: condition test succeeded in ACL "acl_check_rcpt"
>>> end of ACL "acl_check_rcpt": ACCEPT

250 Accepted
=====

--
You are receiving this mail because:
You are on the CC list for the bug.