[exim] localhost [reverse] lookup reaches external/global DN…

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Konstantin Kletschke
Data:  
Para: exim-users
Assunto: [exim] localhost [reverse] lookup reaches external/global DNS
Hello :)

My system is running fine for a while with small modifications each and
then.
In order to fully IPv6 enabling this I found a configuration errort
symptom I am too stupid to fix.

I used my hosting provider DNS servers in /etc/resolv.conf and they
return results for [reverse] lookups
for localhost [127.0.0.1]. I am not sure if this is legal, but no system
should reach out to use them anyhow.

I was not aware my system does, was not aware I use such DNS servers,
but in order to use ipv6 DNS servers
I inserted one that does not deliver localhost query results (I found
out after debugging) and the error was
revealed.

My exim accepts mail, passes those to amavisd-new on port 10024,
receives the result back on 10025 and does
virtual local delivery then. This use case breaks now. System is current
mos actual debian stable.

When /etc/resolv.conv nameserver's are google, i.e. do _no_ localhost
handling, I get something like this:

2019-12-07 14:57:32 1idaaS-0000Hk-4A <= test@???
H=mail.example.de [1.x.y.2]:41770 I=[83.246.46.207]:25 P=esmtps
X=TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=no S=2796 DKIM=example.de
id=640c427189f9f5b62c5a79e7c826c166@??? from <test@???>
for konsti@???
2019-12-07 14:57:32 SMTP connection from mail.example.de
[1.x.y.24]:41770 I=[83.246.46.207]:25 closed by QUIT
2019-12-07 14:57:33 SMTP connection from [127.0.0.1]:49642
I=[127.0.0.1]:10025 (TCP/IP connection count = 2)
2019-12-07 14:57:33 H=(localhost) [127.0.0.1]:49642 I=[127.0.0.1]:10025
rejected MAIL <test@???>: host lookup failed (127.0.0.1 does not
match any IP address for localhost)
2019-12-07 14:57:33 1idaaS-0000Hk-4A ** konsti@???
F=<test@???> R=amavis T=amavis H=localhost [::1] I=[::1]: SMTP
error from remote mail server after end of data: 550 5.1.0 id=00985-01 -
Rejected by next-hop MTA on relaying, from MTA(smtp:[127.0.0.1]:10025):
550 Warning - Reverse DNS lookup failed for host 127.0.0.1.
2019-12-07 14:57:33 1idaaT-0000Hv-R6 <= <> R=1idaaS-0000Hk-4A
U=Debian-exim P=local S=4478 from <> for test@???
2019-12-07 14:57:33 1idaaS-0000Hk-4A Completed
2019-12-07 14:57:34 1idaaT-0000Hv-R6 => test@??? F=<>
R=lookuphost T=remote_smtp S=4586 H=mail.example.de [1.x.y.24]
I=[83.246.46.207] X=TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=yes
DN="OU=Domain Control Validated,CN=*.example.de" K C="250 2.0.0 Ok: 4586
bytes queued as 1C2D140062"
2019-12-07 14:57:34 1idaaT-0000Hv-R6 Completed

Who, where, when is the reverse lookup failure complained about exactly?
Is this exim on port 10025 receiving the mail back from amavisd-new?


I have two issue with the system, may be they are related:

When computer reboots (with DNS servers handling localhost), the 1st
time konsti@??? gets an email, there is a delay:

The first delivery line is printed into the log, then after 4 minutes
the second line appears:

2019-12-07 15:00:48 1idadb-0000FX-VZ <= test@???
H=mail.example.de [1.x.y.24]:41998 I=[83.246.46.207]:25 P=esmtps
X=TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=no S=2796 DKIM=example.de
id=95b3dd020f4f06af9c210be3c39ae7e0@??? from <test@???>
for konsti@???
2019-12-07 15:00:48 SMTP connection from mail.example.de
[1.x.y.24]:41998 I=[83.246.46.207]:25 closed by QUIT

4min delay

2019-12-07 15:03:01 1idafl-0000Gg-9x <= test@??? H=localhost
[127.0.0.1]:59716 I=[127.0.0.1]:10025 P=esmtp S=3221 DKIM=example.de
id=95b3dd020f4f06af9c210be3c39ae7e0@??? from <test@???>
for konsti@???
2019-12-07 15:03:01 1idadb-0000FX-VZ => konsti@???
F=<test@???> R=amavis T=amavis S=2863 H=localhost [::1] I=[::1]
C="250 2.6.0 from MTA(smtp:[127.0.0.1]:10025): 250 OK
id=1idafl-0000Gg-9x"
2019-12-07 15:03:01 1idadb-0000FX-VZ Completed
2019-12-07 15:03:01 1idafl-0000Gg-9x => konsti <konsti@???>
F=<test@???> R=virtual_localuser T=virtual_local_delivery S=3348
2019-12-07 15:03:01 1idafl-0000Gg-9x Completed

After a couple of mails the 4 minute delay vanishes and delivery runs in
less than a second.

Second issue, mail to root works, mail to root@localhost not:

# exim -bt root
konsti@???
     <-- root@???
   router = amavis, transport = amavis
   host localhost [::1]
   host localhost [127.0.0.1]


# exim -bt root@localhost
LOG: MAIN
remote host address is the local host: localhost (while routing
<root@localhost>)
root@localhost cannot be resolved at this time: remote host address is
the local host

I added localhost into local_domains which solves the last issue but the
localhost lookup reaching the outer
DNS servers is the same.

Where is my hitch that localhost lookups reach the outer world?
/etc/hosts has loclhost entries for 127.0.0.1 and ::1.

Kind Regards
Konstantin
--
Konstantin Kletschke
P: +49 151 68170177
OpenPGP: 13C9 B16B 9844 EC15 CC2E A080 1E69 3FDA EF62 FCEF