On Wed Feb 23 2022 at 09:17 PM +0000, Jeremy Harris via Exim-users wrote: > On 22/02/2022 20:20, Bill Brelsford via Exim-users wrote:
> > It gets a different IP address (.109 vs .108) when looking up hosts
> > in hosts_require_auth, so fails. Why does it do a second DNS lookup
> > for the target host?
>
> What is your hosts_require_auth option set to?
It was a hostlist with 4 named hosts. Adding 74.125.0.0/16 to it
(and removing hosts_try_auth) works fine. In the end I simplified
it to "hosts_require_auth = *", since I don't connect to any
non-auth servers anyway..
> hosts_require_auth takes a hostlist. If you give
> a name as a list element then an A-lookup will be
> done, and the set of IPs returned compared with
> the connection address. The list might be in any order
> and (more importantly here) if long, truncated.
> You can see how that could fail against the 800lb
> gorilla.
The gorilla's list is always short -- only one IP, which isn't
always the same as the connection address.
Thanks for your suggestions and explanations, Jeremy.