On 27/12/17 11:01, Jeremy Harris wrote:
> On 27/12/17 10:19, Sebastian Arcus via Exim-users wrote:
>> Apologies for posting for the third time in three days. I have the
>> following acl in acl_smtp_connect, which appears to be ignoring
>> completely the "delay =" setting:
>>
>> drop message = Reverse DNS record incorrect or missing
>> ! condition = ${if eq{$received_port}{587}}
>> ! verify = reverse_host_lookup
>> delay = 600s
>>
>> The acl is working, I can see the messages in the logs, but the
>> connections get dropped almost instantly - maybe 1-2 seconds max. I've
>> tried DENY instead of DROP, I tried 3m instead of 600s. I've even tried
>> moving it to acl_smtp_helo, and it does the same thing. I've googled,
>> but all the results refer to the standard use of DELAY =, nobody seems
>> to complain that theirs is not working. I am on Exim 4.89
>>
>> Edit: in fact, I just realised that none of the acl's in acl_smtp_helo
>> obey the delay either.
>>
>
> Run your daemon with the debug option "-d-all+acl". It'll run in
> foreground, and output debug info on the ACL flow to stderr.
> Check that it is indeed that ACL verb that is executing (and
> failing to delay) and not some other one.
Thank you for the suggestion. I think the following are the relevant
lines of output:
</snip>
processing "drop"
5976 message: Reverse DNS record incorrect or missing
5976 check !condition = ${if eq{$received_port}{587}}
5976 =
5976 check !verify = reverse_host_lookup
5976 looking up host name to force name/address consistency check
5976 drop: condition test deferred in ACL "acl_check_connect"
5976 LOG: connection_reject MAIN REJECT
5976 H=[196.207.181.208]:57629 I=[192.168.15.2]:25 temporarily
rejected connection in "connect" ACL: host lookup deferred for reverse
lookup check
5888 child 5976 ended: status=0x0
5888 normal exit, 0
</snip>
I'm not quite following the above - does it mean that the reverse dns
lookup fails somewhere, or is it deferred for some reason by the remote
end? No mention of the DELAY anywhere, though
