On 03/28/2011 02:08 AM, Dave Evans wrote:
On Mon, Mar 28, 2011 at 12:04:02AM -0400, Peter Thomassen wrote:
I was testing around with exim4 -d -bh, sending an e-mail from some
@physik.uni-wuerzburg.de address to myself. I coincidentally saw the
following debugging output:
Verifying<...>@physik.uni-wuerzburg.de
address match: subject=<...>@physik.uni-wuerzburg.de pattern=*@+local_domains
physik.uni-wuerzburg.de in "@:localhost:localhost.a4a.de:a4a.de:mail.a4a.de:mysql;SELECT
DISTINCT full_domain FROM mail_alias WHERE full_domain='peter-thomassen.de'"? yes (matched
"mysql;SELECT DISTINCT full_domain FROM mail_alias WHERE
full_domain='peter-thomassen.de'")
physik.uni-wuerzburg.de in "+local_domains"? yes (matched "+local_domains")
<...>physik.uni-wuerzburg.de in "*@+local_domains"? yes (matched
"*@+local_domains")
$domain means different things in different contexts. Sometimes it's the
sender's domain, sometimes it's that of the recipient. It all depends on your
config, which of course we don't yet know. For example, you tell us how
MAIN_LOCAL_DOMAINS is defined, but you don't tell us why you think that's
relevant, e.g. where it's used.
If you need a more concrete explanation, I think you'll need to show us rather
more of your config.
Sure:
MAIN_LOCAL_DOMAINS =
@:localhost:localhost.a4a.de:a4a.de:mail.a4a.de:mysql;SELECT DISTINCT
full_domain FROM mail_alias WHERE full_domain='${quote_mysql:$domain}'
> domainlist local_domains = MAIN_LOCAL_DOMAINS
As said, a testing session was done for sending mail from
<...>@physik.uni-wuerzburg.de to my address.
The problem occurs from the usual sender verify stanza in the RCPT ACL:
deny
message = Sender verification failed
!acl = acl_local_deny_exceptions
!verify = sender
The debug log output from my original post is exactly what comes after
this !verify = sender. The debug log says
Verifying [email protected]
address match: subject=<...>@physik.uni-wuerzburg.de pattern=*@+local_domains
as it makes sense to verify the sender.
However, the following lookup does not lookup the
physik.uni-wuerzburg.de domain, but peter-thomassen.de. So it comes that
the check whether or not the domain is in +local_domains yields "true",
because the domain peter-thomassen.de is a local domain. However,
physik.uni-wuerzburg.de is not. It seems wrong to me that the recipient
domain is checked here.
Note that it claims to check for physik.uni-wuerzburg.de but in fact
matches against peter-thomassen.de, in the same debug line.
This happens right before routing is done at the verification stage
(thus, before "Considering <...>@physik.uni-wuerzburg.de). So, is the
matching against *@+local_domains a check that is always performed
during sender verification, independently of the routing?
I wondered whether a broken router might cause this, but actually the
debug output is before the routing is done. Also, I could not find
suspicious routers. Additionally, when the verification routing is done
after the "Considering <...>@physik.uni-wuerzburg.de" line in the debug
log, physik.uni-wuerzburg.de is in fact matched against +local_domains,
and it does not match, as expected.
I hope you can somehow deduce what's going on. In case you need further
information, I'd be happy to provide it.
Best,
Peter
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
