Re: [exim] IPv6 bug with reverse_host_lookup

Top Page
Delete this message
Reply to this message
Author: Jasen Betts
Date:  
To: exim-users
Subject: Re: [exim] IPv6 bug with reverse_host_lookup
On 2021-06-24, Cyborg via Exim-users <exim-users@???> wrote:
> Am 24.06.21 um 20:05 schrieb Evgeniy Berdnikov via Exim-users:
>> On Thu, Jun 24, 2021 at 01:11:40PM -0400, Robert Blayzor via Exim-users wrote:
>>> On 6/24/21 11:54 AM, Evgeniy Berdnikov via Exim-users wrote:
>>>>    Pls, post here result of
>>>>    exim -d-all+dns+acl -bh '[2602:ff1c:1:80::50]:60631'
>>> Exim version 4.94.2 uid=0 gid=0 pid=27354 D=24
>> ...
>>> looking up host name for 2602:ff1c:0001:0080:0000:0000:0000:0050
>>> DNS lookup of
>>> 0.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.0.1.0.0.0.c.1.f.f.2.0.6.2.ip6.arpa.
>>> (PTR) succeeded
>>> Reverse DNS security status: unverified
>>> IP address lookup yielded "mta4.pr.judicialwatch.org"
>>> DNS lookup of mta4.pr.judicialwatch.org (A) succeeded
>>> checking addresses for mta4.pr.judicialwatch.org
>>> Forward DNS security status: unverified
>>>    192.107.243.81
>>> no IP address for mta4.pr.judicialwatch.org matched
>>> 2602:ff1c:0001:0080:0000:0000:0000:0050
>>> 2602:ff1c:0001:0080:0000:0000:0000:0050 does not match any IP address for
>>> mta4.pr.judicialwatch.org
>>   And below is output from my test host:

>>
>> looking up host name for 2602:ff1c:0001:0080:0000:0000:0000:0050
>> DNS lookup of 0.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.0.1.0.0.0.c.1.f.f.2.0.6.2.ip6.arpa. (PTR) succeeded
>> Reverse DNS security status: unverified
>> IP address lookup yielded "mta4.pr.judicialwatch.org"
>> DNS lookup of mta4.pr.judicialwatch.org (AAAA) succeeded
>> DNS lookup of mta4.pr.judicialwatch.org (A) succeeded
>> checking addresses for mta4.pr.judicialwatch.org
>> Forward DNS security status: unverified
>>    2602:ff1c:1:80::50 OK

>>
>> The difference is that your Exim does not do IPv6 (AAAA) record lookup.
>> Try to locate the reason... I'd propose to compare with pure Exim setup.
>
> I just verified it on a IPv6 enabled 4.92.2 system, and it does show the
> excat same error as Robert gets:
>
> host in hosts_connection_nolog? no (option unset)
> LOG: smtp_connection MAIN
>   SMTP connection from [2602:ff1c:0001:0080:0000:0000:0000:0050]
> host in host_lookup? yes (matched "*")
> looking up host name for 2602:ff1c:0001:0080:0000:0000:0000:0050
> DNS lookup of
> 0.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.0.1.0.0.0.c.1.f.f.2.0.6.2.ip6.arpa.
> (PTR) succeeded
> Reverse DNS security status: unverified
> IP address lookup yielded "mta4.pr.judicialwatch.org"
> DNS lookup of mta4.pr.judicialwatch.org (A) succeeded
> checking addresses for mta4.pr.judicialwatch.org
> Forward DNS security status: unverified*
> **  192.107.243.81*
> no IP address for mta4.pr.judicialwatch.org matched
> 2602:ff1c:0001:0080:0000:0000:0000:0050
> 2602:ff1c:0001:0080:0000:0000:0000:0050 does not match any IP address
> for mta4.pr.judicialwatch.org
>
> # exim -be '${lookup dnsdb {ptr=2602:ff1c:1:80::50}}'
> mta4.pr.judicialwatch.org


perhaps you have ip6 lookups disabled in /etc/gai.conf ?

--
Jasen.