[exim-dev] [Bug 2972] ACL check "!verify = reverse_host_loo…

Top Page
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2972] ACL check "!verify = reverse_host_lookup" gives error
https://bugs.exim.org/show_bug.cgi?id=2972

--- Comment #1 from Jeremy Harris <jgh146exb@???> ---
> An ACL with the following lines gives some strange and hard to predict error:
>
>     warn    log_message      = [ACL_MAIL_UNAUTHED] Reverse DNS lookup failed
>             !verify          = reverse_host_lookup
>             set acl_m_reject = true
>             add_header       = X-SPAM-REVERSE-DNS-LOOKUP: failed

>
>
> There are 2 different versions of the error. For the precise text above
> currently the error is only received when actually processing an incoming
> mail:
>
> X=TLS1.3:TLS_AES_256_GCM_SHA384:256 CV=no temporarily rejected MAIL
> <XXXXX@???>: expected "sender[=address]", "recipient", "helo",
> "header_syntax", "header_sender", "header_names_ascii" or
> "reverse_host_lookup" at start of ACL condition "verify  reverse_host_lookup"


You didn't show the bit of config actually producing that logged error...
but why do you think it's a bug and not a real verification-fail?

> This is literally copied from journald. The '=' is suddenly missing. In the
> config file, it exists.


What '=' where?

>
> Before I got a different error, when starting up exim. Same line. A minor
> different ACL check. The old check was:
>
>     warn    log_message      = ACL_MAIL_UNAUTHED: Reverse DNS lookup failed.
>             !verify          = reverse_host_lookup
>             set acl_m_reject = true
>             add_header       = X-SPAM-REVERSE-DNS-LOOKUP: failed

>
> The error was:
> [2/2] error in ACL: "=" missing after ACL "verify" condition
> [1\2] 2023-01-12 16:53:36.247 [18255] Exim configuration error in line 137
> of /etc/mail/exim.conf:
> error in ACL: "=" missing after ACL "verify" condition


Did you check the exact line number?
Are you certain that the exim process concerned was using the file
you investigated, and not some older edit, due to a lack of service-reload
(or restart)?

>
> Now I commented those lines, everything else is working fine. I have 8
> checks in this ACL. They are all in a similar structure. Among others I have 
>             !verify          = helo
>             !verify          = csa
>             !verify          = sender/callout=10s,fullpostmaster
> in the same ACL and they dont throw any error.


--
You are receiving this mail because:
You are on the CC list for the bug.