On 2023-05-28 03:10, Slavko via Exim-users wrote:
> On 28 May 2023 at 9:35:07 UTC, AC via Exim-users <exim-users@???> wrote:
>
>> Thanks, I already did check localhost but it appears what I was after was actually sender_host_name being empty which, from what I understand, is what H=([ip]) actually represents in the logs (if that's not the case hopefully someone can correct me).
>
> There are two names for the remote client: the one used in the EHLO
> SMTP command and the one from the IP's PTR record.
>
> The EHLO name is shown in the log only if it differs from the (confirmed)
> PTR name.
>
> The PTR name is in the log only if that name's IP matches the client's
> IP (is confirmed) and Exim is configured to obtain that PTR
> name (I do it on the MTA but don't do it on the MSA).
>
> Thus the full host entry in the log has this format (if the EHLO & PTR names
> differ):
>
> H=ptr_name (ehlo_name) [client_ip]
>
> The log entry "H=([ip]) ..." means that there is no (confirmed)
> PTR name and the client used an IP literal as the EHLO name. It is expected
> on an MSA (from users), but AFAIK it is not to be used by an MTA
> nowadays (I do not accept it). An address literal is basically the
> IP (with a prefix for IPv6) enclosed in square brackets, thus a
> simple ${sg} regex can detect it...
>
> These square brackets can be confusing, as the real IP is
> enclosed in them in the logs too, but notice the "normal" brackets,
> which enclose the EHLO name...
>
> Check the docs for the appropriate variables for these names and
> related settings; they are in multiple different places.
>
> regards
>
>
Thank you for the clarification. So in the case of the log showing
H=(hostname) [ip], the HELO/EHLO name matched the hostname obtained
by RDNS of the IP, but if I saw H=hostname (other_hostname) [ip] then the
HELO/EHLO did not match the RDNS of the IP? What about when the hostname
is not in parentheses, in this format: H=hostname [ip]?
I ask because I tried implementing this deny rule:
${if def:sender_host_name {no}{yes}}
And this rule is triggering on cases where I have H=(hostname) [ip],
but not in cases where I have H=hostname [ip].
An example from my recent logs:
H=cumin.exim.org [37.120.190.30]
This passed the above rule (meaning it found sender_host_name and
returned "no")
H=(223-22-233-97.mobile.dynamic.aptg.com.tw) [223.22.233.97]
This failed the above rule (sender_host_name was not defined and the
rule returned "yes")
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
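To make the three H= shapes discussed in this thread concrete, here is an added Python example (not from the thread, and not Exim's own code) that parses the host field of Exim main-log lines, reports whether a confirmed PTR name is present (the condition the poster's ${if def:sender_host_name {no}{yes}} expansion tests) and flags the H=([ip]) address-literal case. The sample log lines are constructed; only the first two H= values are the ones quoted in the post.

```python
import re
from dataclasses import dataclass
from typing import Optional
# H=ptr_name (ehlo_name) [client_ip]: ptr and (ehlo) are optional, [ip] is always present.
HOST_FIELD = re.compile(
    r"(?:^|\s)H="
    r"(?P<ptr>[^\s(\[]+)?"          # confirmed PTR name (what $sender_host_name holds)
    r"\s*(?:\((?P<ehlo>[^)]*)\))?"  # EHLO/HELO name, logged only when it differs from the PTR name
    r"\s*\[(?P<ip>[^\]]+)\]"        # client IP, always in square brackets
)
# An EHLO address literal: the IP itself in square brackets, with an "IPv6:" prefix for IPv6.
ADDRESS_LITERAL = re.compile(r"^\[(?:IPv6:)?[0-9A-Fa-f.:]+\]$")

@dataclass
class HostInfo:
    ptr_name: Optional[str]   # None means $sender_host_name would be undefined
    ehlo_name: Optional[str]  # None means no EHLO name was logged
    ip: str
    ehlo_is_literal: bool     # the H=([ip]) case from the thread

def parse_host_field(line: str) -> Optional[HostInfo]:
    """Extract the H= host field from one Exim main-log line, or None if absent."""
    m = HOST_FIELD.search(line)
    if not m:
        return None
    ehlo = m.group("ehlo")
    return HostInfo(m.group("ptr"), ehlo, m.group("ip"),
                    bool(ehlo) and ADDRESS_LITERAL.match(ehlo) is not None)

def acl_no_ptr_name(line: str) -> str:
    """Same answer the expansion ${if def:sender_host_name {no}{yes}} gives for that line."""
    info = parse_host_field(line)
    return "no" if info and info.ptr_name else "yes"

def classify(info: HostInfo) -> str:
    """Name the log shape, so the three forms asked about in the thread can be told apart."""
    ptr = "confirmed PTR" if info.ptr_name else "no confirmed PTR"
    if info.ehlo_is_literal:
        return f"{ptr}, EHLO is an address literal"
    if info.ehlo_name:
        return f"{ptr}, EHLO name differs" if info.ptr_name else f"{ptr}, EHLO name only"
    return f"{ptr}, EHLO name not logged" + (" (matches PTR)" if info.ptr_name else "")

# Constructed sample lines in Exim main-log format; only the first two H= values come from the post.
SAMPLE_LINES = [
    "2023-05-28 10:01:02 1q3Abc-0001aB-CD <= alice@example.org H=cumin.exim.org [37.120.190.30] P=esmtps S=1234",
    "2023-05-28 10:02:03 1q3Abd-0001aC-EF <= bob@example.net H=(223-22-233-97.mobile.dynamic.aptg.com.tw) [223.22.233.97] P=esmtp S=2345",
    "2023-05-28 10:03:04 1q3Abe-0001aD-GH <= carol@example.com H=mx.example.com (mail.example.com) [192.0.2.10] P=esmtps S=3456",
    "2023-05-28 10:04:05 1q3Abf-0001aE-IJ <= dave@example.org H=([192.0.2.20]) [192.0.2.20] P=esmtp S=4567",
    "2023-05-28 10:05:06 1q3Abg-0001aF-KL <= erin@example.org H=([IPv6:2001:db8::1]) [2001:db8::1] P=esmtp S=5678",
]
```

Running classify() over the samples shows that the poster's expansion only distinguishes "PTR present" from "PTR absent"; telling an EHLO address literal apart from an ordinary unverified EHLO name needs the extra check on the parenthesised name.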