On 2008-01-17 at 10:15 +0900, Randy Bush wrote:
> thanks!
Poor Peter, he replied twice but you probably didn't see it since you
would have been rejecting exim-users coming in over IPv6.
> if this gets out, it worked!
It got out.
Is the configuration exactly as described? Which version of Exim are
you using? I don't see the behaviour which you see. I can't see any
changes in the ChangeLog regarding changes in this behaviour, so
something else is wrong in your system to cause this. If memory serves,
you're using FreeBSD; in fact, your Received: headers confirm this. I'm
using FreeBSD, so it's the same OS (modulo platform/release
differences).
I just added this to the zonefile for globnix.net:
2.0.0.127.testbl IN A 127.0.1.0
TXT "Test entry for pseudo-RBL"
1.0.0.2.testbl IN A 127.0.2.1
TXT "Entry matching 2001::/8 IPv6 address space"
2.0.0.2.testbl IN A 127.0.2.2
TXT "Entry matching 2002::/8 IPv6 address space"
and I set up "fred.conf" as an Exim config which denied connections
which are on that list, via:
deny !authenticated = *
domains = +local_domains
verify = recipient
message = You are on RBL $dnslist_domain: $dnslist_text
dnslists = testbl.globnix.net
logwrite = Blocked Sender host [$sender_host_address] \
because on RBL $dnslist_domain: $dnslist_text
% exim -C fred.conf -bh 2001:980:fff:31::1
[..., try to send an email ...]
>>> check dnslists = testbl.globnix.net
>>> DNS list check: testbl.globnix.net
>>> new DNS lookup for
>>> 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.3.0.0.f.f.f.0.0.8.9.0.1.0.0.2.testbl.globnix.net
>>> DNS lookup for
>>> 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.3.0.0.f.f.f.0.0.8.9.0.1.0.0.2.testbl.globnix.net
>>> failed
>>> => that means 2001:0980:0fff:0031:0000:0000:0000:0001 is not listed at
>>> testbl.globnix.net
>>> deny: condition test failed
Whereas when I use 2.0.0.1 directly (meh, it's currently bogon anyway):
% exim -C fred.conf -bh 2.0.0.1
[...]
>>> check dnslists = testbl.globnix.net
>>> DNS list check: testbl.globnix.net
>>> new DNS lookup for 1.0.0.2.testbl.globnix.net
>>> DNS lookup for 1.0.0.2.testbl.globnix.net succeeded (yielding 127.0.2.1)
>>> => that means 2.0.0.1 is listed at testbl.globnix.net
>>> check logwrite = Blocked Sender host [$sender_host_address] because on RBL
>>> $dnslist_domain: $dnslist_text
>>> = Blocked Sender host [2.0.0.1] because on RBL
>>> testbl.globnix.net: Entry matching 2001::/8 IPv6 address space
LOG: [4822] Blocked Sender host [2.0.0.1] because on RBL testbl.globnix.net:
Entry matching 2001::/8 IPv6 address space
>>> deny: condition test succeeded
550-You are on RBL testbl.globnix.net: Entry matching 2001::/8 IPv6 address
550 space
LOG: [4822] H=(redoubt) [2.0.0.1] F=<[EMAIL PROTECTED]> rejected RCPT <[EMAIL
PROTECTED]>: You are on RBL testbl.globnix.net: Entry matching 2001::/8 IPv6
address space
I begin to have a horrid suspicion that the RBL which you're querying
has a server-side bug where it truncates the query to four components
below itself and doesn't notice the read of the query. I don't use the
RBL in question and don't know how to access it (commercial, isn't it?)
so can't check this myself.
-Phil
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
