Re: [exim] IPv6 bug with reverse_host_lookup

Góra strony
Delete this message
Reply to this message
Autor: Cyborg
Data:  
Dla: exim-users
Temat: Re: [exim] IPv6 bug with reverse_host_lookup
Am 24.06.21 um 20:05 schrieb Evgeniy Berdnikov via Exim-users:
> On Thu, Jun 24, 2021 at 01:11:40PM -0400, Robert Blayzor via Exim-users wrote:
>> On 6/24/21 11:54 AM, Evgeniy Berdnikov via Exim-users wrote:
>>>    Pls, post here result of
>>>    exim -d-all+dns+acl -bh '[2602:ff1c:1:80::50]:60631'
>> Exim version 4.94.2 uid=0 gid=0 pid=27354 D=24
> ...
>> looking up host name for 2602:ff1c:0001:0080:0000:0000:0000:0050
>> DNS lookup of
>> 0.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.0.1.0.0.0.c.1.f.f.2.0.6.2.ip6.arpa.
>> (PTR) succeeded
>> Reverse DNS security status: unverified
>> IP address lookup yielded "mta4.pr.judicialwatch.org"
>> DNS lookup of mta4.pr.judicialwatch.org (A) succeeded
>> checking addresses for mta4.pr.judicialwatch.org
>> Forward DNS security status: unverified
>>    192.107.243.81
>> no IP address for mta4.pr.judicialwatch.org matched
>> 2602:ff1c:0001:0080:0000:0000:0000:0050
>> 2602:ff1c:0001:0080:0000:0000:0000:0050 does not match any IP address for
>> mta4.pr.judicialwatch.org
>   And below is output from my test host:

>
> looking up host name for 2602:ff1c:0001:0080:0000:0000:0000:0050
> DNS lookup of 0.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.0.1.0.0.0.c.1.f.f.2.0.6.2.ip6.arpa. (PTR) succeeded
> Reverse DNS security status: unverified
> IP address lookup yielded "mta4.pr.judicialwatch.org"
> DNS lookup of mta4.pr.judicialwatch.org (AAAA) succeeded
> DNS lookup of mta4.pr.judicialwatch.org (A) succeeded
> checking addresses for mta4.pr.judicialwatch.org
> Forward DNS security status: unverified
>    2602:ff1c:1:80::50 OK

>
> The difference is that your Exim does not do IPv6 (AAAA) record lookup.
> Try to locate the reason... I'd propose to compare with pure Exim setup.


I just verified it on a IPv6 enabled 4.92.2 system, and it does show the
excat same error as Robert gets:

host in hosts_connection_nolog? no (option unset)
LOG: smtp_connection MAIN
  SMTP connection from [2602:ff1c:0001:0080:0000:0000:0000:0050]
host in host_lookup? yes (matched "*")
looking up host name for 2602:ff1c:0001:0080:0000:0000:0000:0050
DNS lookup of
0.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.0.1.0.0.0.c.1.f.f.2.0.6.2.ip6.arpa.
(PTR) succeeded
Reverse DNS security status: unverified
IP address lookup yielded "mta4.pr.judicialwatch.org"
DNS lookup of mta4.pr.judicialwatch.org (A) succeeded
checking addresses for mta4.pr.judicialwatch.org
Forward DNS security status: unverified*
**  192.107.243.81*
no IP address for mta4.pr.judicialwatch.org matched
2602:ff1c:0001:0080:0000:0000:0000:0050
2602:ff1c:0001:0080:0000:0000:0000:0050 does not match any IP address
for mta4.pr.judicialwatch.org

# exim -be '${lookup dnsdb {ptr=2602:ff1c:1:80::50}}'
mta4.pr.judicialwatch.org

OS: Fedora 33   / systemd-resolved disabled / named in use


best regards,
Marius