Re: [exim] IPv6 bug with reverse_host_lookup

Top Page
Delete this message
Reply to this message
Author: Robert Blayzor
Date:  
To: exim-users
Subject: Re: [exim] IPv6 bug with reverse_host_lookup
On 6/24/21 11:54 AM, Evgeniy Berdnikov via Exim-users wrote:
> Pls, post here result of
>
> exim -d-all+dns+acl -bh '[2602:ff1c:1:80::50]:60631'





Exim version 4.94.2 uid=0 gid=0 pid=27354 D=24
Support for: crypteq iconv() IPv6 PAM Perl OpenSSL Content_Scanning DANE 
DKIM DNSSEC Event I18N OCSP PIPE_CONNECT PRDR SPF Experimental_SRS
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm 
dbmjz dbmnz dnsdb dsearch passwd sqlite
Authenticators: cram_md5 dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
Configure owner: 0:0
Size of off_t: 8
Compiler: GCC [4.8.2 20140120 (Red Hat 4.8.2-16)]
Library version: Glibc: Compile: 2.17
                         Runtime: 2.17
Library version: BDB: Compile: Berkeley DB 5.3.21: (May 11, 2012)
                       Runtime: Berkeley DB 5.3.21: (May 11, 2012)
Library version: OpenSSL: Compile: OpenSSL 1.0.2k-fips  26 Jan 2017
                           Runtime: OpenSSL 1.0.2k-fips  26 Jan 2017
                                  : built on: reproducible build, date 
unspecified
Library version: IDN: Compile: 1.28
                       Runtime: 1.28
Library version: spf2: Compile: 1.2.10
                        Runtime: 1.2.10
Library version: PCRE: Compile: 8.32
                        Runtime: 8.32 2012-11-30
Library version: SQLite: Compile: 3.7.17
                          Runtime: 3.32.3
WHITELIST_D_MACROS unset
TRUSTED_CONFIG_LIST: "/etc/exim_trusted_configs"
XDG_SESSION_ID in keep_environment? no (end of list)
HOSTNAME in keep_environment? no (end of list)
TERM in keep_environment? no (end of list)
SHELL in keep_environment? no (end of list)
HISTSIZE in keep_environment? no (end of list)
SSH_CLIENT in keep_environment? no (end of list)
SSH_TTY in keep_environment? no (end of list)
USER in keep_environment? no (end of list)
LS_COLORS in keep_environment? no (end of list)
MAIL in keep_environment? no (end of list)
PATH in keep_environment? no (end of list)
PWD in keep_environment? no (end of list)
EDITOR in keep_environment? no (end of list)
LANG in keep_environment? no (end of list)
PS1 in keep_environment? no (end of list)
HISTCONTROL in keep_environment? no (end of list)
SHLVL in keep_environment? no (end of list)
HOME in keep_environment? no (end of list)
LOGNAME in keep_environment? no (end of list)
VISUAL in keep_environment? no (end of list)
SSH_CONNECTION in keep_environment? no (end of list)
LESSOPEN in keep_environment? no (end of list)
XDG_RUNTIME_DIR in keep_environment? no (end of list)
HISTTIMEFORMAT in keep_environment? no (end of list)
_ in keep_environment? no (end of list)
configuration file is /etc/exim.conf
log selectors = 00001ffe 99805426 00000003
trusted user
admin user


**** SMTP testing session as if from host
2602:ff1c:0001:0080:0000:0000:0000:0050
**** but without any ident (RFC 1413) callback.
**** This is not for real!

host in hosts_connection_nolog? no (option unset)
LOG: smtp_connection MAIN
   SMTP connection from [2602:ff1c:0001:0080:0000:0000:0000:0050]:60631
host in host_lookup? no (option unset)
host in host_reject_connection? no (option unset)
host in sender_unqualified_hosts? no (option unset)
host in recipient_unqualified_hosts? no (option unset)
host in helo_verify_hosts? no (option unset)
host in helo_try_verify_hosts? no (option unset)
host in helo_accept_junk_hosts? yes (matched "*")
using ACL "acl_smtp_connect"
processing "drop" (/etc/exim.conf 424)
   message: Your country is not allowed to connect to this server.
l_message: Country is banned
check hosts = +blocked_incoming_email_country_ips
host in "net-iplsearch;/etc/blocked_incoming_email_country_ips"? no (end 
of list)
host in "+blocked_incoming_email_country_ips"? no (end of list)
drop: condition test failed in ACL "acl_smtp_connect"
processing "warn" (/etc/exim.conf 434)
check !hosts = : +loopback : +neighbor_netblocks : +trustedmailhosts : 
+recent_authed_mail_ips : +backupmx_hosts : +skipsmtpcheck_hosts : 
+senderverifybypass_hosts : +greylist_trusted_netblocks : 
+greylist_common_mail_providers : +cpanel_mail_netblocks
host in "<; @[]; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 
0000:0000:0000:0000:0000:ffff:7f00:0000/8"? no (end of list)
host in "net-iplsearch;/etc/neighbor_netblocks"? no (end of list)
sender host name required, to match against lsearch;/etc/trustedmailhosts
looking up host name for 2602:ff1c:0001:0080:0000:0000:0000:0050
DNS lookup of 
0.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.0.1.0.0.0.c.1.f.f.2.0.6.2.ip6.arpa. (PTR) 
succeeded
Reverse DNS security status: unverified
IP address lookup yielded "mta4.pr.judicialwatch.org"
DNS lookup of mta4.pr.judicialwatch.org (A) succeeded
checking addresses for mta4.pr.judicialwatch.org
Forward DNS security status: unverified
   192.107.243.81
no IP address for mta4.pr.judicialwatch.org matched 
2602:ff1c:0001:0080:0000:0000:0000:0050
2602:ff1c:0001:0080:0000:0000:0000:0050 does not match any IP address 
for mta4.pr.judicialwatch.org
host in "lsearch;/etc/trustedmailhosts"? no (failed to find host name 
for 2602:ff1c:0001:0080:0000:0000:0000:0050)
host in "net-iplsearch;/etc/recent_authed_mail_ips"? no (end of list)
sender host name required, to match against lsearch;/etc/backupmxhosts
host in "lsearch;/etc/backupmxhosts"? no (failed to find host name for 
2602:ff1c:0001:0080:0000:0000:0000:0050)
host in "net-iplsearch;/etc/skipsmtpcheckhosts"? no (end of list)
host in "net-iplsearch;/etc/senderverifybypasshosts"? no (end of list)
host in "net-iplsearch;/etc/greylist_trusted_netblocks"? no (end of list)
host in "net-iplsearch;/etc/greylist_common_mail_providers"? no (end of 
list)
host in "net-iplsearch;/etc/cpanel_mail_netblocks"? no (end of list)
host in ": +loopback : +neighbor_netblocks : +trustedmailhosts : 
+recent_authed_mail_ips : +backupmx_hosts : +skipsmtpcheck_hosts : 
+senderverifybypass_hosts : +greylist_trusted_netblocks : 
+greylist_common_mail_providers : +cpanel_mail_netblocks"? no (end of list)
check condition = ${if eq {$received_port}{25}{yes}{no}}
                 = no
warn: condition test failed in ACL "acl_smtp_connect"
processing "accept" (/etc/exim.conf 444)
check hosts = : +loopback : +recent_authed_mail_ips : +backupmx_hosts
host in ": +loopback : +recent_authed_mail_ips : +backupmx_hosts"? no 
(end of list)
accept: condition test failed in ACL "acl_smtp_connect"
processing "accept" (/etc/exim.conf 447)
check hosts = +trustedmailhosts
host in "+trustedmailhosts"? no (end of list)
accept: condition test failed in ACL "acl_smtp_connect"
processing "accept" (/etc/exim.conf 450)
2602:ff1c:0001:0080:0000:0000:0000:0050 in 
"net-iplsearch;/etc/trustedmailhosts"? no (end of list)
check condition = ${if 
match_ip{$sender_host_address}{net-iplsearch;/etc/trustedmailhosts}{1}{0}}
                 = 0
accept: condition test failed in ACL "acl_smtp_connect"
processing "defer" (/etc/exim.conf 453)
check condition = ${if eq {$received_port}{25}{yes}{no}}
                 = no
defer: condition test failed in ACL "acl_smtp_connect"
processing "warn" (/etc/exim.conf 463)
check condition = ${if eq {$received_port}{25}{yes}{no}}
                 = no
warn: condition test failed in ACL "acl_smtp_connect"
processing "defer" (/etc/exim.conf 470)
check condition = ${if eq {$received_port}{25}{yes}{no}}
                 = no
defer: condition test failed in ACL "acl_smtp_connect"
processing "drop" (/etc/exim.conf 482)
   message: Your host is not allowed to connect to this server.
l_message: Host is banned
check hosts = +spammeripblocks
host in "net-iplsearch;/etc/spammeripblocks"? no (end of list)
host in "+spammeripblocks"? no (end of list)
drop: condition test failed in ACL "acl_smtp_connect"
processing "defer" (/etc/exim.conf 494)
check !verify = reverse_host_lookup/defer_ok
l_message: PTR invalid for $sender_host_address
defer: condition test succeeded in ACL "acl_smtp_connect"
end of ACL "acl_smtp_connect": DEFER
451 Temporary local problem - please try later
LOG: connection_reject MAIN REJECT
   H=[2602:ff1c:0001:0080:0000:0000:0000:0050]:60631 temporarily 
rejected connection in "connect" ACL: PTR invalid for 
2602:ff1c:0001:0080:0000:0000:0000:0050: host lookup failed 
(2602:ff1c:0001:0080:0000:0000:0000:0050 does not match any IP address 
for mta4.pr.judicialwatch.org)

>>>>>>>>>>>>>>>> Exim pid=27354 (fresh-exec) terminating with rc=0
>>>>>>>>>>>>>>>>