[exim-dev] [Bug 3027] New: exim -bh seems to use "expanded" IPv6 addresses

Exim Bugzilla via Exim-dev Thu, 21 Sep 2023 05:53:34 -0700

https://bugs.exim.org/show_bug.cgi?id=3027


            Bug ID: 3027
           Summary: exim -bh seems to use "expanded" IPv6 addresses
           Product: Exim
           Version: 4.96
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: General execution
          Assignee: unalloca...@exim.org
          Reporter: bugs_e...@henk.geekmail.org
                CC: exim-dev@lists.exim.org

Exim seems to work with "expanded" IPv6 addresses when invoked with -bh.
"Expanded" means with the full hextets instead of zeros being omitted and the
longest sequence of 0 hextets being replaced by ::, e.g.
2001:0db8:1234:1234:1234:0000:0000:0001
instead of
2001:db8:1234:1234:1234::1

It can be seen in the following example:
% exim -C /dev/null -v -bh 2001:db8:1234:1234:1234::1

**** SMTP testing session as if from host
2001:0db8:1234:1234:1234:0000:0000:0001
**** but without any ident (RFC 1413) callback.
**** This is not for real!

host in hosts_connection_nolog? no (option unset)
LOG: smtp_connection MAIN
  SMTP connection from [2001:0db8:1234:1234:1234:0000:0000:0001]


This does not seem to happen during "normal" operations:
# cat tmp/2023-09-20_exim_config.conf
daemon_smtp_ports = 1234
spool_directory = /home/henk/tmp/exim_spool_test


# exim -C tmp/2023-09-20_exim_config.conf -d -bdf
Exim version 4.96 uid=0 gid=0 pid=6597 D=f7715cfd
Support for: crypteq iconv() IPv6 GnuTLS TLS_resume move_frozen_messages DANE
DKIM DNSSEC Event I18N OCSP PIPECONNECT PRDR Queue_Ramp SOCKS SRS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz
dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 external plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Compiler: GCC [12.2.0]
Library version: Glibc: Compile: 2.36
                        Runtime: 2.36
Library version: BDB: Compile: Berkeley DB 5.3.28: (September  9, 2013)
                      Runtime: Berkeley DB 5.3.28: (September  9, 2013)
Library version: GnuTLS: Compile: 3.7.9
                         Runtime: 3.7.9
Library version: IDN2: Compile: 2.3.3
                       Runtime: 2.3.3
Library version: Stringprep: Compile: 1.41
                             Runtime: 1.41
Library version: PCRE2: Compile: 10.42
                        Runtime: 10.42 2022-12-11
Total 14 lookups
WHITELIST_D_MACROS: "OUTGOING"
TRUSTED_CONFIG_LIST: "/etc/exim4/trusted_configs"
changed uid/gid: forcing real = effective
  uid=0 gid=0 pid=6597
  auxiliary group list: <none>
LOG: MAIN
  Warning: purging the environment.
 Suggested action: use keep_environment.
configuration file is tmp/2023-09-20_exim_config.conf
log selectors = 00000ffc 64205022 0000000c
cwd=/root 5 args: exim -C tmp/2023-09-20_exim_config.conf -d -bdf
trusted user
admin user
dropping to exim gid; retaining priv uid
originator: uid=0 gid=0 login=root name=root
LOG: MAIN
  Warning: No server certificate defined; will use a selfsigned one.
 Suggested action: either install a certificate or change tls_advertise_hosts
option
fresh-exec forking for cipher-validate
fresh-exec forked for cipher-validate: 6599
postfork: cipher-validate
changed uid/gid: calling tls_validate_require_cipher
  uid=106 gid=111 pid=6599
  auxiliary group list: <none>
>>>>>>>>>>>>>>>> Exim pid=6599 (cipher-validate) terminating with rc=0 
>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>
tls_validate_require_cipher child 6599 ended: status=0x0
 6597 creating notifier socket
 6597  @/home/henk/tmp/exim_spool_test/exim_daemon_notify
 6597 listening on all interfaces (IPv6) port 1234
 6597 listening on all interfaces (IPv4) port 1234
 6597 pid written to /run/exim4/exim.pid
 6597 changed uid/gid: running as a daemon
 6597   uid=106 gid=111 pid=6597
 6597   auxiliary group list: 111
 6597 LOG: MAIN
 6597   exim 4.96 daemon started: pid=6597, no queue runs, listening for SMTP
on port 1234 (IPv6 and IPv4)
 6597 set_process_info:  6597 daemon(4.96): no queue runs, listening for SMTP
on port 1234 (IPv6 and IPv4)
 6597 GnuTLS global init required
 6597 TLS: basic cred init, server
 6597 TLS: generating selfsigned server cert
 6597 GnuTLS<3>: ASSERT: ../../../lib/nettle/mpi.c[wrap_nettle_mpi_print]:60
 6597 GnuTLS<3>: ASSERT: ../../../lib/nettle/mpi.c[wrap_nettle_mpi_print]:60
 6597 GnuTLS<3>: ASSERT: ../../../lib/nettle/mpi.c[wrap_nettle_mpi_print]:60
 6597 GnuTLS<3>: ASSERT: ../../../lib/nettle/mpi.c[wrap_nettle_mpi_print]:60
 6597 GnuTLS<3>: ASSERT: ../../../lib/nettle/mpi.c[wrap_nettle_mpi_print]:60
 6597 GnuTLS<3>: ASSERT: ../../../lib/nettle/mpi.c[wrap_nettle_mpi_print]:60
 6597 GnuTLS<3>: ASSERT: ../../../lib/nettle/mpi.c[wrap_nettle_mpi_print]:60
 6597 GnuTLS<3>: ASSERT: ../../../lib/nettle/mpi.c[wrap_nettle_mpi_print]:60
 6597 GnuTLS<3>: ASSERT: ../../../lib/nettle/mpi.c[wrap_nettle_mpi_print]:60
 6597 GnuTLS<3>: ASSERT: ../../../lib/nettle/mpi.c[wrap_nettle_mpi_print]:60
 6597 GnuTLS<2>: Disabling X.509 extensions.
 6597 GnuTLS<2>: signing structure using RSA-SHA256
 6597 GnuTLS<3>: ASSERT: ../../../lib/nettle/mpi.c[wrap_nettle_mpi_print]:60
 6597 GnuTLS<3>: ASSERT: ../../../lib/nettle/mpi.c[wrap_nettle_mpi_print]:60
 6597 GnuTLS<3>: ASSERT: ../../../lib/nettle/mpi.c[wrap_nettle_mpi_print]:60
 6597 GnuTLS<3>: ASSERT: ../../../lib/nettle/mpi.c[wrap_nettle_mpi_print]:60
 6597 GnuTLS<3>: ASSERT: ../../../lib/nettle/mpi.c[wrap_nettle_mpi_print]:60
 6597 GnuTLS<3>: ASSERT: ../../../lib/nettle/mpi.c[wrap_nettle_mpi_print]:60
 6597 GnuTLS<3>: ASSERT: ../../../lib/nettle/mpi.c[wrap_nettle_mpi_print]:60
 6597 GnuTLS<3>: ASSERT: ../../../lib/nettle/mpi.c[wrap_nettle_mpi_print]:60
 6597 GnuTLS<3>: ASSERT: ../../../lib/nettle/mpi.c[wrap_nettle_mpi_print]:60
 6597 GnuTLS<3>: ASSERT:
../../../lib/x509/x509_ext.c[gnutls_subject_alt_names_get]:111
 6597 GnuTLS<3>: ASSERT: ../../../lib/x509/x509.c[get_alt_name]:2012
 6597 GnuTLS<3>: ASSERT: ../../../lib/nettle/mpi.c[wrap_nettle_mpi_print]:60
 6597 TLS: preloading CA bundle for server
 6597 GnuTLS<3>: ASSERT:
../../../lib/x509/dn.c[_gnutls_x509_compare_raw_dn]:1039
 6597 GnuTLS<3>: ASSERT:
../../../lib/x509/dn.c[_gnutls_x509_compare_raw_dn]:1039
 6597 GnuTLS<3>: ASSERT:
../../../lib/x509/dn.c[_gnutls_x509_compare_raw_dn]:1039
 6597 Added 142 certificate authorities
 6597 TLS: not preloading CRL for server
 6597 TLS: preloading cipher list for server: NULL
 6597 GnuTLS using default session cipher/priority "NORMAL"
 6597 GnuTLS<2>: added 6 protocols, 29 ciphersuites, 19 sig algos and 10 groups
into priority list
 6597 daemon running with uid=106 gid=111 euid=106 egid=111
 6597 Listening...
 6597 Connection request from 2001:1620:ae4:1::66f port 41112
 6597 search_tidyup called
 6597 daemon forking for daemon-accept
 6597 daemon forked for daemon-accept: 6618
 6597 1 SMTP accept process running
 6597 Listening...
 6618 postfork: daemon-accept
 6618 sender_fullhost = [2001:1620:ae4:1::66f]
 6618 sender_rcvhost = [2001:1620:ae4:1::66f]
 6618 Process 6618 is handling incoming connection from [2001:1620:ae4:1::66f]
 6618 host in host_lookup? no (option unset)
 6618 set_process_info:  6618 handling incoming connection from
[2001:1620:ae4:1::66f]
 6618 host in host_reject_connection? no (option unset)
 6618 host in sender_unqualified_hosts? no (option unset)
 6618 host in recipient_unqualified_hosts? no (option unset)
 6618 host in helo_verify_hosts? no (option unset)
 6618 host in helo_try_verify_hosts? no (option unset)
 6618 host in helo_accept_junk_hosts? no (option unset)
 6618 host in pipelining_connect_advertise_hosts? yes (matched "*")
 6618 SMTP>> 220 frustcomp.hnjs.home.arpa ESMTP Exim 4.96 Thu, 21 Sep 2023
13:22:48 +0200
 6618 TCP_INFO getsockopt: Success
 6618 Process 6618 is ready for new message
 6618 smtp_setup_msg entered
 6618 SMTP>> 421 frustcomp.hnjs.home.arpa lost input connection
 6618 LOG: smtp_connection MAIN
 6618   SMTP connection from [2001:1620:ae4:1::66f] lost D=7s
 6618 search_tidyup called
 6618 SMTP>>(close on process exit)
 6618 >>>>>>>>>>>>>>>> Exim pid=6618 (daemon-accept) terminating with rc=1
>>>>>>>>>>>>>>>>
 6597 child 6618 ended: status=0x100
 6597   normal exit, 1
 6597 0 SMTP accept processes now running
 6597 Listening...
^C 6597 SIGTERM/SIGINT seen
 6597 daemon forking for daemon-del-pidfile
 6597 daemon forked for daemon-del-pidfile: 6686
 6686 postfork: daemon-del-pidfile
 6686 exec /usr/sbin/exim4 -C tmp/2023-09-20_exim_config.conf -d=0xf7795cfd
-MCd daemon-del-pidfile -oPX
 6597 search_tidyup called
 6597 >>>>>>>>>>>>>>>> Exim pid=6597 (daemon) terminating with rc=0
>>>>>>>>>>>>>>>>



This is an issue when trying to debug config problems with lookups of IPv6
addresses in $sender_host_address.

Expectation is that the handling of (IPv6) addresses is exactly the same when
in any of the testing/debugging modes.
Exim should normalize the address in every case.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

-- 
## subscription configuration (requires account):
##   https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
##   exim-dev-unsubscr...@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

[exim-dev] [Bug 3027] New: exim -bh seems to use "expanded" IPv6 addresses

Reply via email to