https://bugs.exim.org/show_bug.cgi?id=2147

            Bug ID: 2147
           Summary: Random callout check causes actual causes ACL to defer
           Product: Exim
           Version: 4.89
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: ACLs
          Assignee: [email protected]
          Reporter: [email protected]
                CC: [email protected]

It looks like in exim 4.89 there is an inconsistency in the verification
function. 

A successful random=accept callout result is actually causing the verify ACL
command to defer, while if the random=accept result is in the cache the
verification passes.  

Version information:
--------------------

Debian package

========
root@server1:~# exim -bV
Exim version 4.89 #1 built 14-Jun-2017 05:03:07
Copyright (c) University of Cambridge, 1995 - 2017
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2017
Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS
move_frozen_messages Content_Scanning DKIM DNSSEC Event OCSP PRDR PROXY SOCKS
TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz
dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated
========

Exim configuration:
-------------------

In RCPT ACL:

=====
acl_check_rcpt:

  deny
    !verify                = recipient/callout=2m,random

  accept
    set acl_m_verification = success
=====

In router:

=====
begin routers

spamexperts:
  debug_print = "R: spamexperts for $local_part@$domain"
  driver = manualroute
  host_find_failed = ignore
  host_all_ignored = freeze
  transport = remote_smtp_se
  route_list = $domain "<, mail.simplyspamfree.com"
=====

In transport:

=====
begin transports

remote_smtp_se:
  debug_print = "T: remote_smtp for $local_part@$domain"
  driver = smtp
  hosts_verify_avoid_tls = *
=====

Debugging with -bhc option
--------------------------

The debug while the random result is not in the cache:

=====
rcpt to:<[email protected]>
>>> using ACL "acl_check_rcpt"
>>> processing "deny"
>>> check !verify = recipient/callout=2m,random
>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> routing [email protected]
>>> R: spamexperts for [email protected]
>>> calling spamexperts router
>>> catchall.simplyspamfree.com in "catchall.simplyspamfree.com"? yes (matched 
>>> "catchall.simplyspamfree.com")
>>> routed by spamexperts router
>>> Attempting full verification using callout
>>> callout cache: no domain record found for catchall.simplyspamfree.com
>>> callout cache: no address record found for [email protected]
>>> interface=NULL port=25
>>> Connecting to mail.simplyspamfree.com [2a01:4f8:161:124b::173]:25 ... 
>>> 2a01:4f8:161:124b::173 in hosts_try_fastopen? no (option unset)
>>> connected
>>>   SMTP<< 220 mail.simplyspamfree.com ESMTP Exim 4.80 Fri, 14 Jul 2017 
>>> 10:54:56 +0200
>>> 2a01:4f8:161:124b::173 in hosts_avoid_esmtp? no (option unset)
>>>   SMTP>> EHLO server1.test24.simplyspamfree.com
>>> cmd buf flush 40 bytes
>>>   SMTP<< 250-mail.simplyspamfree.com Hello 
>>> server1.test24.simplyspamfree.com [2a01:4f8:161:124b::4024]
>>>          250-SIZE 52428800
>>>          250-8BITMIME
>>>          250-PIPELINING
>>>          250 HELP
>>> 2a01:4f8:161:124b::173 in hosts_require_tls? no (option unset)
>>> 2a01:4f8:161:124b::173 in hosts_avoid_pipelining? no (option unset)
>>> 2a01:4f8:161:124b::173 in hosts_require_auth? no (option unset)
>>>   SMTP>> MAIL FROM:<> SIZE=1023
>>>   SMTP>> RCPT 
>>> TO:<server1.test24.simplyspamfree.com-1500022496-test...@catchall.simplyspamfree.com>
>>> cmd buf flush 116 bytes
>>>   SMTP<< 250 OK
>>>   SMTP<< 250 Accepted
>>>   SMTP>> QUIT
>>> cmd buf flush 6 bytes
>>>   SMTP<< 221 mail.simplyspamfree.com closing connection
>>>   SMTP(close)>>
>>> interface=NULL port=25
>>> Connecting to mail.simplyspamfree.com [5.9.235.173]:25 ... 5.9.235.173 in 
>>> hosts_try_fastopen? no (option unset)
>>> connected
>>>   SMTP<< 220 mail.simplyspamfree.com ESMTP Exim 4.80 Fri, 14 Jul 2017 
>>> 10:54:56 +0200
>>> 5.9.235.173 in hosts_avoid_esmtp? no (option unset)
>>>   SMTP>> EHLO server1.test24.simplyspamfree.com
>>> cmd buf flush 40 bytes
>>>   SMTP<< 250-mail.simplyspamfree.com Hello 
>>> server1.test24.simplyspamfree.com [5.9.235.163]
>>>          250-SIZE 52428800
>>>          250-8BITMIME
>>>          250-PIPELINING
>>>          250 HELP
>>> 5.9.235.173 in hosts_require_tls? no (option unset)
>>> 5.9.235.173 in hosts_avoid_pipelining? no (option unset)
>>> 5.9.235.173 in hosts_require_auth? no (option unset)
>>>   SMTP>> MAIL FROM:<> SIZE=1023
>>>   SMTP>> RCPT 
>>> TO:<server1.test24.simplyspamfree.com-1500022496-test...@catchall.simplyspamfree.com>
>>> cmd buf flush 116 bytes
>>>   SMTP<< 250 OK
>>>   SMTP<< 250 Accepted
>>>   SMTP>> QUIT
>>> cmd buf flush 6 bytes
>>>   SMTP<< 221 mail.simplyspamfree.com closing connection
>>>   SMTP(close)>>
>>> wrote callout cache domain record for catchall.simplyspamfree.com:
>>>   result=1 postmaster=0 random=1
>>> ----------- end verify ------------
>>> deny: condition test deferred in ACL "acl_check_rcpt"
451 Could not complete recipient verify callout
LOG: H=(server1.test24.simplyspamfree.com) [127.0.0.1] F=<> temporarily
rejected RCPT <[email protected]>: Could not complete recipient
verify callout
=====

Note that the result was also written into the cache, so at the next attempt
the verification is successful:

=====
RSET
250 Reset OK
MAIL FROM:<>
>>> using ACL "acl_check_mail"
>>> processing "accept"
>>> accept: condition test succeeded in ACL "acl_check_mail"
>>> end of ACL "acl_check_mail": ACCEPT
250 OK
RCPT TO:<[email protected]>
>>> using ACL "acl_check_rcpt"
>>> processing "deny"
>>> check !verify = recipient/callout=2m,random
>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> routing [email protected]
>>> R: spamexperts for [email protected]
>>> calling spamexperts router
>>> catchall.simplyspamfree.com in "catchall.simplyspamfree.com"? yes (matched 
>>> "catchall.simplyspamfree.com")
>>> routed by spamexperts router
>>> Attempting full verification using callout
>>> callout cache: found domain record for catchall.simplyspamfree.com
>>> callout cache: domain accepts random addresses
>>> ----------- end verify ------------
>>> deny: condition test failed in ACL "acl_check_rcpt"
>>> processing "accept"
>>> check set acl_m_verification = success
>>> accept: condition test succeeded in ACL "acl_check_rcpt"
>>> end of ACL "acl_check_rcpt": ACCEPT
250 Accepted
=====
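
An added example, not part of the original report or of Exim's code: it scans `-bh`/`-bhc` debug output for the symptom shown in the two transcripts above, a random callout address that the target accepted while the ACL condition still deferred. The function names and the abridged sample are this example's own, and reading `random=1` in the cache record as "accepted" follows the report's transcripts.

```python
import re

# Abridged from the two -bhc transcripts in this report; the selection is constructed.
SAMPLE = """\
>>> check !verify = recipient/callout=2m,random
>>> callout cache: no domain record found for catchall.simplyspamfree.com
>>>   SMTP<< 250 Accepted
>>> wrote callout cache domain record for catchall.simplyspamfree.com:
>>>   result=1 postmaster=0 random=1
>>> ----------- end verify ------------
>>> deny: condition test deferred in ACL "acl_check_rcpt"
>>> check !verify = recipient/callout=2m,random
>>> callout cache: found domain record for catchall.simplyspamfree.com
>>> callout cache: domain accepts random addresses
>>> ----------- end verify ------------
>>> deny: condition test failed in ACL "acl_check_rcpt"
"""

START = re.compile(r"check !?verify = recipient/callout\S*random")
DOMAIN = re.compile(r"domain record (?:found )?for ([^\s:]+)")
RANDOM = re.compile(r"\brandom=(\d)")
CACHED = re.compile(r"callout cache: domain accepts random addresses")
VERDICT = re.compile(r"condition test (deferred|failed|succeeded) in ACL")

def verify_blocks(text):
    """Return one dict per random-callout verify block found in the debug output."""
    blocks, cur, want_flags = [], None, False
    for line in text.splitlines():
        if START.search(line):
            cur = {"domain": None, "random_accepted": False,
                   "from_cache": False, "verdict": None}
            blocks.append(cur)
        elif cur is None:
            continue                      # output outside a verify block
        elif m := DOMAIN.search(line):
            cur["domain"] = m.group(1)
            want_flags = "wrote callout cache" in line  # flags are on the next line
        elif want_flags and (m := RANDOM.search(line)):
            cur["random_accepted"] = m.group(1) == "1"  # assumption: 1 = accepted
            want_flags = False
        elif CACHED.search(line):
            cur["random_accepted"] = cur["from_cache"] = True
        elif m := VERDICT.search(line):
            cur["verdict"] = m.group(1)   # verdict of the ACL condition closes the block
            cur = None
    return blocks

def inconsistent(blocks):
    """Blocks where the random address was accepted yet the ACL condition deferred."""
    return [b for b in blocks if b["random_accepted"] and b["verdict"] == "deferred"]
```
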
