On 26/02/2019 12:00, Jeremy Harris <[email protected]> wrote:
On 25/02/2019 18:43, Neil Youngman via Exim-users wrote:
Is this expected behaviour from nwildlsearch?
Example 1: It finds a match [email protected] but a look
up of bad.example.com returns NXDOMAIN. The condition fails, in spite of
having a match.
We can't tell where your nwildsearch start and ends, nor what else
your acl was doing. Show the full source, and don't obfuscate
the debug.
I've cut this down quite a lot to (hopefully) focus on the issue in
question.
Here's the config, I'm testing:
$ cat /tmp/example.cfg
exim_path=/usr/local/exim/exim
# %s differentiates the logs, i.e. main. reject or panic
log_file_path=/wasp/logs/exim_%s.log : syslog
syslog_timestamp=false
chunking_advertise_hosts =
primary_hostname = mail-test.wirefast.net
acl_smtp_rcpt = acl_allowed_rcpts
host_lookup = *
begin acl
# Wirefast: ACL for IM and Newslink domains
acl_allowed_rcpts:
accept hosts = :
accept domains = wirefast.net
hosts =
${lookup{$sender_address}nwildlsearch{/tmp/test_emails.txt}}
deny message = relay not permitted
begin routers
dnslookup:
driver = dnslookup
transport = remote_smtp
# ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
# if ipv6-enabled then instead use:
ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1
no_more
begin transports
remote_smtp:
driver = smtp
begin retry
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
begin rewrite
begin authenticators
# End of Exim configuration file
I test it initially with the Google mail servers as the first pattern to
match (the IP address given is for a Google mail server) and it finds
the match and accepts the condition.
$ echo '[email protected]
^^mail-.*\.google\.com$:bad.example.com' > /tmp/test_emails.txt
$ /usr/local/exim/exim -C/tmp/example.cfg -bh 209.85.208.53
**** SMTP testing session as if from host 209.85.208.53
**** but without any ident (RFC 1413) callback.
**** This is not for real!
>>> host in hosts_connection_nolog? no (option unset)
>>> host in host_lookup? yes (matched "*")
>>> looking up host name for 209.85.208.53
>>> IP address lookup yielded "mail-ed1-f53.google.com"
>>> checking addresses for mail-ed1-f53.google.com
>>> 209.85.208.53 OK
>>> host in host_reject_connection? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
>>> host in recipient_unqualified_hosts? no (option unset)
>>> host in helo_verify_hosts? no (option unset)
>>> host in helo_try_verify_hosts? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)
220 mail-test.wirefast.net ESMTP Exim 4.91_RC4 Tue, 26 Feb 2019 12:38:21
+0000
HELO test.wirefast.net
250 mail-test.wirefast.net Hello mail-ed1-f53.google.com [209.85.208.53]
MAIL FROM:<[email protected]>
250 OK
RCPT TO:<[email protected]>
>>> using ACL "acl_allowed_rcpts"
>>> processing "accept"
>>> check hosts = :
>>> host in ":"? no (end of list)
>>> accept: condition test failed in ACL "acl_allowed_rcpts"
>>> processing "accept"
>>> check domains = wirefast.net
>>> wirefast.net in "wirefast.net"? yes (matched "wirefast.net")
>>> check hosts =
${lookup{$sender_address}nwildlsearch{/tmp/test_emails.txt}}
>>> [email protected] in "[email protected]"? yes
(matched "[email protected]")
>>> host in "^^mail-.*\.google\.com$:bad.example.com"? yes (matched
"^^mail-.*\.google\.com$")
>>> accept: condition test succeeded in ACL "acl_allowed_rcpts"
>>> end of ACL "acl_allowed_rcpts": ACCEPT
250 Accepted
quit
221 mail-test.wirefast.net closing connection
For the second test it has bad.example.com as the first possible match.
It still matched "[email protected]", but that match seems to
be overridden by the NXDOMAIN from bad.example.com and this time it does
not accept the condition.
$ echo '[email protected]
bad.example.com:^^mail-.*\.google\.com$' > /tmp/test_emails.txt
$ /usr/local/exim/exim -C/tmp/example.cfg -bh 209.85.208.53
**** SMTP testing session as if from host 209.85.208.53
**** but without any ident (RFC 1413) callback.
**** This is not for real!
>>> host in hosts_connection_nolog? no (option unset)
>>> host in host_lookup? yes (matched "*")
>>> looking up host name for 209.85.208.53
>>> IP address lookup yielded "mail-ed1-f53.google.com"
>>> checking addresses for mail-ed1-f53.google.com
>>> 209.85.208.53 OK
>>> host in host_reject_connection? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
>>> host in recipient_unqualified_hosts? no (option unset)
>>> host in helo_verify_hosts? no (option unset)
>>> host in helo_try_verify_hosts? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)
220 mail-test.wirefast.net ESMTP Exim 4.91_RC4 Tue, 26 Feb 2019 12:39:50
+0000
MAIL FROM:<[email protected]>
250 OK
RCPT TO:<[email protected]>
>>> using ACL "acl_allowed_rcpts"
>>> processing "accept"
>>> check hosts = :
>>> host in ":"? no (end of list)
>>> accept: condition test failed in ACL "acl_allowed_rcpts"
>>> processing "accept"
>>> check domains = wirefast.net
>>> wirefast.net in "wirefast.net"? yes (matched "wirefast.net")
>>> check hosts =
${lookup{$sender_address}nwildlsearch{/tmp/test_emails.txt}}
>>> [email protected] in "[email protected]"? yes
(matched "[email protected]")
>>> no IP address found for host bad.example.com (during SMTP
connection from mail-ed1-f53.google.com [209.85.208.53])
LOG: no IP address found for host bad.example.com (during SMTP
connection from mail-ed1-f53.google.com [209.85.208.53])
>>> host in "bad.example.com:^^mail-.*\.google\.com$"? no (failed to
find IP address for bad.example.com)
>>> accept: condition test failed in ACL "acl_allowed_rcpts"
>>> processing "deny"
>>> message: relay not permitted
>>> deny: condition test succeeded in ACL "acl_allowed_rcpts"
>>> end of ACL "acl_allowed_rcpts": DENY
550 relay not permitted
LOG: H=mail-ed1-f53.google.com [209.85.208.53]
F=<[email protected]> rejected RCPT <[email protected]>:
relay not permitted
quit
221 mail-test.wirefast.net closing connection
I hope that is sufficient to answer whether that is expected behaviour.
I couldn't see anything in the manual that suggested to me that the
second test should have a different result to the first.
Neil Youngman
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
