Re: [exim] Exim not obeying "delay = " in acl_smtp_connect

Top Page
Delete this message
Reply to this message
Author: Sebastian Arcus
Date:  
To: exim-users
Subject: Re: [exim] Exim not obeying "delay = " in acl_smtp_connect
On 27/12/17 12:58, Jeremy Harris wrote:
> On 27/12/17 12:39, Sebastian Arcus via Exim-users wrote:
>> processing "drop"
>>  5976   message: Reverse DNS record incorrect or missing
>>  5976 check !condition = ${if eq{$received_port}{587}}
>>  5976                  =
>>  5976 check !verify = reverse_host_lookup
>>  5976 looking up host name to force name/address consistency check
>>  5976 drop: condition test deferred in ACL "acl_check_connect"
>>  5976 LOG: connection_reject MAIN REJECT
>>  5976   H=[196.207.181.208]:57629 I=[192.168.15.2]:25 temporarily
>> rejected connection in "connect" ACL: host lookup deferred for reverse
>> lookup check
>>  5888 child 5976 ended: status=0x0
>>  5888   normal exit, 0
>>
>>
>> </snip>
>>
>> I'm not quite following the above - does it mean that the reverse dns
>> lookup fails somewhere,
>
> That's how I read it. Add more debug classes to that cmdline option
> for more info - I expect there's a dns-specfic one.
>
> Docs are at
> http://exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_command_line.html#SECID39
>
>
> You could also look into options on the verify= ACL condition,
> if it does turn out to be a DNS issue. See the ACL chapter.


Ok - no sooner did I send my last email to the list, that a series of
spurious connections attempts started on another email server I
administer. I have below the log extract with exim -bd
-d-all+resolver+dns+verify

</snip>
18213 drop: condition test failed in ACL "acl_check_connect"
18213 processing "drop"
18213   message: Reverse DNS record incorrect or missing
18213 check !condition = ${if eq{$received_port}{587}}
18213                  =
18213 check !verify = reverse_host_lookup
18213 looking up host name to force name/address consistency check
18213 looking up host name for 182.48.94.184
18213 DNS lookup of 184.94.48.182.in-addr.arpa-PTR: using cached value 
DNS_AGAIN
18213 IP address PTR lookup gave temporary error
18213 drop: condition test deferred in ACL "acl_check_connect"
18213 SMTP>> 451 Temporary local problem - please try later
18213 LOG: connection_reject MAIN REJECT
18213   H=[182.48.94.184]:52523 I=[192.168.60.2]:25 temporarily rejected 
connection in "connect" ACL: host lookup deferred for reverse lookup check
18213 search_tidyup called
18141 child 18213 ended: status=0x0
18141   normal exit, 0
</snip>


I didn't think a PTR lookup should get a defer? If I look it up on the
command line:

# host 182.48.94.184
Host 184.94.48.182.in-addr.arpa not found: 2(SERVFAIL)

I tried the PTR lookup from another machine, on a completely different
network and DNS server, and I get the same SERVFAIL - so I can only
suppose it is not my DNS setup or server.

I've just spotted another issue, but I'll post a separate message to the
list, to try and keep things tidy