On 2023-05-28 03:10, Slavko via Exim-users wrote:
> On 28 May 2023 9:35:07 UTC, AC via Exim-users
> <[email protected]> wrote:
>> Thanks, I already did check localhost but it appears what I was after was
>> actually sender_host_name being empty which, from what I understand, is what
>> H=([ip]) actually represents in the logs (if that's not the case hopefully
>> someone can correct me).
>
> There are two names of the remote client, the one used in the EHLO
> SMTP command and one from the IP's PTR record.
>
> The EHLO name is shown in the log only if it differs from the (confirmed)
> PTR name.
>
> The PTR name is in the log only if that name's IP matches the client's
> IP (is confirmed) and exim is configured to obtain that PTR
> name (I do it on MTA but don't do it on MSA).
>
> Thus the full host entry in the log has this format (if the EHLO & PTR names
> differ):
>
>   H=ptr_name (ehlo_name) [client_ip]
>
> The log entry "H=([ip]) ..." means that there is no (confirmed)
> PTR name and the client used an IP literal as the EHLO name. It is expected
> on MSA (from users), but AFAIK has not been used by MTA
> nowadays (I do not accept it). An address literal is basically
> an IP (with a prefix for IPv6) enclosed in square brackets, thus
> a simple ${sg} regex can detect it...
>
> These square brackets can be confusing, as the real IP is
> enclosed in them in logs too, but notice the "normal" brackets,
> which enclose the EHLO name...
>
> Check the docs for the appropriate variables for these names and
> related settings, they are in multiple different places.
>
> regards

Thank you for the clarification. So in the case of the log showing
H=(hostname) [ip] then the HELO/EHLO name matched the hostname obtained
by RDNS of the ip but if I saw H=hostname (other_hostname) [ip] then the
HELO/EHLO did not match the RDNS of the IP? What about when the hostname
is not in parentheses in this format H=hostname [ip]?

I ask because I tried implementing this deny rule:

  ${if def:sender_host_name {no}{yes}}

And this rule is triggering on cases where I have H=(hostname) [ip]
but not in cases where I have H=hostname [ip]

An example from my recent logs:

  H=cumin.exim.org [37.120.190.30]

This passed the above rule (meaning it found sender_host_name and
returned "no")

  H=(223-22-233-97.mobile.dynamic.aptg.com.tw) [223.22.233.97]

This failed the above rule (sender_host_name was not defined and the
rule returned "yes")
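
The log shapes discussed in this thread, as an added example that is not part of the original messages or of Exim: a Python parser that splits the H= field into confirmed PTR name, EHLO name and client IP, following the format Slavko describes. The function and label names are hypothetical, the sample lines are constructed around the two H= values quoted above plus documentation addresses, and the bare H=[ip] case (no PTR name, no EHLO name) is an assumption that goes beyond what the thread covers.

```python
import re
from typing import NamedTuple, Optional

# Format from the thread: H=ptr_name (ehlo_name) [client_ip]; the first two parts are optional.
H_FIELD = re.compile(
    r"\bH=(?:(?P<ptr>[^\s()\[\]]+) )?"   # confirmed PTR name, if logged
    r"(?:\((?P<ehlo>[^)\s]*)\) )?"       # EHLO/HELO name, in round brackets
    r"\[(?P<ip>[0-9A-Fa-f:.]+)\]"        # client IP, in square brackets
)
# Address literal: an IP in square brackets, with an "IPv6:" prefix for IPv6.
ADDRESS_LITERAL = re.compile(r"^\[(?:IPv6:)?[0-9A-Fa-f:.]+\]$")

class HostEntry(NamedTuple):
    ptr_name: Optional[str]
    ehlo_name: Optional[str]
    client_ip: str
    kind: str  # hypothetical label, not an Exim term

def parse_host(line: str) -> Optional[HostEntry]:
    """Return the parsed H= field of one log line, or None if it has none."""
    m = H_FIELD.search(line)
    if m is None:
        return None
    ptr, ehlo, ip = m.group("ptr", "ehlo", "ip")
    if ptr and ehlo:
        kind = "ptr-confirmed, ehlo-differs"
    elif ptr:
        kind = "ptr-confirmed"
    elif ehlo and ADDRESS_LITERAL.match(ehlo):
        kind = "no-ptr, ehlo-address-literal"
    elif ehlo:
        kind = "no-ptr, ehlo-name"
    else:
        kind = "no-ptr, no-ehlo"  # assumption: bare H=[ip]
    return HostEntry(ptr, ehlo, ip, kind)

# Constructed sample lines; the first two H= values are the ones quoted in the thread.
SAMPLES = [
    "<= a@example.org H=cumin.exim.org [37.120.190.30] P=esmtps",
    "<= b@example.org H=(223-22-233-97.mobile.dynamic.aptg.com.tw) [223.22.233.97] P=esmtp",
    "<= c@example.org H=mail.example.net (smtp.example.org) [198.51.100.5] P=esmtps",
    "<= d@example.org H=([203.0.113.7]) [203.0.113.7] P=esmtp",
    "<= e@example.org H=([IPv6:2001:db8::25]) [2001:db8::25] P=esmtp",
    "<= f@example.org H=[192.0.2.1] P=smtp",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(parse_host(line))
```

Entries whose label starts with "no-ptr" are the ones logged without a confirmed PTR name, which is the shape the thread's second log example has.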