On 11/16/21 13:47, Evgeniy Berdnikov via Exim-users wrote:
> Hello.
>
> On Tue, Nov 16, 2021 at 11:47:22AM -0500, Matt Corallo via Exim-users wrote:
>> Like the title says, for some reason exim 4.94.2-7 (Debian stable) is
>> refusing to ever expand sender_rcvhost to a verified hostname.
>
> Your mail passed my relay with Exim 4.94.2-7 (frozen good old version)
> and got this header:
>
> Received: from hummus.exim.org ([37.221.193.62]:49438)
> by tornado.rdtex.ru with esmtps
> (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
> (Exim 4.94.2)
> (envelope-from <exim-users-bounces...
> ...
>
> where I have custom
>
> received_header_text = Received: ${if def:sender_rcvhost {from $sender_rcvhost\n\t}...
>
> So, $sender_rcvhost is expanded as it should be.
> Debian package on this host is exim4-daemon-heavy 4.94.2-7 (i386).
Ah, maybe I'm misunderstanding how $sender_rcvhost is expanded (and spamassassin is as well).
The way I was (apparently incorrectly?) interpreting a similar expansion here is that the host was
not verified via FcRDNS due to the presence of the square brackets in the parenthetical. Apparently
that is the way Spamassasin is also interpreting the same received line, marking all mails as "no
verified RDNS".
>> The below
>> shows a simple email inbound from github, as well as the relevant DNS
>> traffic from exim to the DNS server (with spamd stopped to ensure we're not
>> confusing spamd queries with exim queries).
>
> I see no expansion of $sender_rcvhost in your report.
> It may be obtained with -d+expand or extracted from "Received" headers.
Sorry, the received line (or another one from a bit later, same thing though) ended up as:
Received: from out-17.smtp.github.com ([192.30.252.200] helo=smtp.github.com)
by mail.as397444.net with esmtps TLS1.2 id 1mn1TT-003JJr-1l
(envelope-from <noreply@???>)
for gh-core-notifications@???; Tue, 16 Nov 2021 16:38:23 +0000