Bug#992421: dnslookup_relay_to_domains probably needs ignore_target_hosts

2021-08-31 Thread Marc Haber
Hi Andreas,

I need to build a test domain since this looks like the issue only
appears if the higher order MX has been unavailable for some time.
Trying exim -bt now results in the local host no longer present in the
list.

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany|  lose things."Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421



Bug#992421: dnslookup_relay_to_domains probably needs ignore_target_hosts

2021-08-28 Thread Andreas Metzler
On 2021-08-25 Marc Haber  wrote:
> On Tue, Aug 24, 2021 at 07:47:46PM +0200, Andreas Metzler wrote:
> > According to chapter 3, »8. Recognizing the local host« exim uses the
> > local_interfaces setting (unless it is 0.0.0.0 or ::0) to recognize the
> > local host. - Are you setting it?

> No, MAIN_LOCAL_INTERFACES isn't set.

Hmm strange. You should get something like this when running
exim -d+all -bt address@shouldfail

09:52:27 171478 shouldfail in dns_ipv4_lookup? yes (matched "*")
09:52:27 171478 DNS lookup of shouldfail (A) succeeded
09:52:27 171478 Actual local interface address is 127.0.0.1 (lo)
09:52:27 171478 Actual local interface address is xx.yy.zz.aaa (eth0)
...
09:52:27 171478 local host found for non-MX address
09:52:27 171478 fully qualified name = shouldfail
09:52:27 171478 shouldfail xx.yy.zz.aaa mx=-1 sort=-298
09:52:27 171478 Coerced resolver DNSSEC support on.
09:52:27 171478 LOG: MAIN
09:52:27 171478   remote host address is the local host: shouldfail (while routing )
09:52:27 171478 dnslookup router: defer for address@shouldfail
09:52:27 171478   message: remote host address is the local host
address@shouldfail cannot be resolved at this time: remote host address is the local host

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



Bug#992421: dnslookup_relay_to_domains probably needs ignore_target_hosts

2021-08-25 Thread Marc Haber
On Tue, Aug 24, 2021 at 07:47:46PM +0200, Andreas Metzler wrote:
> According to chapter 3, »8. Recognizing the local host« exim uses the
> local_interfaces setting (unless it is 0.0.0.0 or ::0) to recognize the
> local host. - Are you setting it?

No, MAIN_LOCAL_INTERFACES isn't set.

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany|  lose things."Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421



Bug#992421: dnslookup_relay_to_domains probably needs ignore_target_hosts

2021-08-24 Thread Andreas Metzler
On 2021-08-18 Marc Haber  wrote:
> Package: exim4-config
> Version: 4.94.2-2~zg100+3
> Severity: normal

> Hi,

> I am not sure whether this is an actual bug. I have observed this
> behaviour on an exim that is backup MX for domain.example. The MX records
> are like:
> domain.example mail is handled by 0 mx.domain.example.
> domain.example mail is handled by 10 myexim.otherdomain.example.

> Both hosts have both IPv4 and IPv6 addresses in DNS; the local resolver
> on myexim.otherdomain.example resolves its own host name to 127.0.1.1 by
> virtue of the normal Debian /etc/hosts file.

> [36/5023]mh@q:~ $ sudo exim -bt lists@domain.example
> R: domain_literal for lists@domain.example
> R: dnslookup_relay_to_domains for lists@domain.example
> lists@domain.example
>   router = dnslookup_relay_to_domains, transport = remote_smtp
>   host mx.domain.example [IPv6 address] MX=0
>   host mx.domain.example [IPv4 address] MX=0
>   host myexim.otherdomain.example  [127.0.1.1] MX=10
> [37/5024]mh@q:~ $

> If mx.domain.example refuses mail, the local exim happily delivers to itself, 
> causing a loop:
> 2021-08-18 08:06:15 1mGEiM-00089y-Vx <= linux-staging+bounces-5545-lists=domain.exam...@lists.linux.dev H=localhost (myexim.otherdomin.example) [127.0.0.1] P=esmtps X=TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256 CV=no K S=14699 id=
[...]
> Or is exim supposed to never relay to itself automatically? If that is the
> case, more debugging is needed to find out why this happens here. Advice
> appreciated.

Hello Marc,

https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_dnslookup_router.html
says:
| Unless they have the highest priority (lowest MX value), MX records that
| point to the local host, or to any host name that matches
| hosts_treat_as_local, are discarded, together with any other MX records
| of equal or lower priority.
| 
| If the host pointed to by the highest priority MX record, or looked up
| as an address record, is the local host, or matches
| hosts_treat_as_local, what happens is controlled by the generic self
| option.

(and self=  defaults to "freeze")

According to chapter 3, »8. Recognizing the local host« exim uses the
local_interfaces setting (unless it is 0.0.0.0 or ::0) to recognize the
local host. - Are you setting it?

cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



Bug#992421: dnslookup_relay_to_domains probably needs ignore_target_hosts

2021-08-18 Thread Marc Haber
Package: exim4-config
Version: 4.94.2-2~zg100+3
Severity: normal

Hi,

I am not sure whether this is an actual bug. I have observed this
behaviour on an exim that is backup MX for domain.example. The MX records
are like:
domain.example mail is handled by 0 mx.domain.example.
domain.example mail is handled by 10 myexim.otherdomain.example.

Both hosts have both IPv4 and IPv6 addresses in DNS; the local resolver
on myexim.otherdomain.example resolves its own host name to 127.0.1.1 by
virtue of the normal Debian /etc/hosts file.

[36/5023]mh@q:~ $ sudo exim -bt lists@domain.example
R: domain_literal for lists@domain.example
R: dnslookup_relay_to_domains for lists@domain.example
lists@domain.example
  router = dnslookup_relay_to_domains, transport = remote_smtp
  host mx.domain.example [IPv6 address] MX=0
  host mx.domain.example [IPv4 address] MX=0
  host myexim.otherdomain.example  [127.0.1.1] MX=10
[37/5024]mh@q:~ $

If mx.domain.example refuses mail, the local exim happily delivers to itself, 
causing a loop:
2021-08-18 08:06:15 1mGEiM-00089y-Vx <= linux-staging+bounces-5545-lists=domain.exam...@lists.linux.dev H=localhost (myexim.otherdomin.example) [127.0.0.1] P=esmtps X=TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256 CV=no K S=14699 id=
2021-08-18 08:06:15 1mGEiK-00089g-NR => lists@domain.example R=dnslookup_relay_to_domains T=remote_smtp H=myexim.otherdomain.example [127.0.1.1] X=TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256 CV=yes DN= K C="250- 7595 byte chunk, total 14687\\n250 OK id=1mGEiM-00089y-Vx"
2021-08-18 08:06:15 1mGEiK-00089g-NR Completed

I have noticed that the dnslookup router in the upstream configure.default has an
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 option set, while our
dnslookup_relay_to_domains router doesn't. I guess this was an omission made by
myself back in 2003 when I added the dedicated handling of dnslookup for
general e-mail and for domains that we have listed in
dnslookup_relay_to_domains.

I would like to suggest changing the dnslookup_relay_to_domains router to 
something like that:
.ifndef ROUTER_DNSLOOKUP_RELAY_TO_DOMAINS_IGNORE_TARGET_HOSTS
ROUTER_DNSLOOKUP_RELAY_TO_DOMAINS_IGNORE_TARGET_HOSTS = <; 0.0.0.0 ; 127.0.0.0/8 ; ::/128 ; ::1/128
.endif

dnslookup_relay_to_domains:
  debug_print = "R: dnslookup_relay_to_domains for $local_part@$domain"
  driver = dnslookup
  domains = ! +local_domains : +relay_to_domains
  transport = remote_smtp
  same_domain_copy_routing = yes
  ignore_target_hosts = ROUTER_DNSLOOKUP_RELAY_TO_DOMAINS_IGNORE_TARGET_HOSTS
  no_more

Or is exim supposed to never relay to itself automatically? If that is the
case, more debugging is needed to find out why this happens here. Advice
appreciated.

Greetings
Marc

-- Package-specific info:
Exim version 4.94.2 #2 built 04-May-2021 19:57:22
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DANE DKIM DNSSEC Event I18N OCSP PIPE_CONNECT PRDR PROXY SOCKS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file search path is /etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated
Configuration file is /var/lib/exim4/config.autogenerated

-- System Information:
Debian Release: 10.10
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.13.10-zgsrv20080 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages exim4-config depends on:
ii  adduser                3.118
ii  debconf [debconf-2.0]  1.5.71

Versions of packages exim4-config recommends:
ii  ca-certificates  20200601~deb10u2

exim4-config suggests no packages.

-- Configuration Files:
/etc/exim4/conf.d/acl/20_exim4-config_local_deny_exceptions changed [not included]
/etc/exim4/conf.d/router/600_exim4-config_userforward changed [not included]
/etc/exim4/conf.d/router/700_exim4-config_procmail changed [not included]
/etc/exim4/conf.d/router/800_exim4-config_maildrop changed [not included]
/etc/exim4/conf.d/router/900_exim4-config_local_user changed [not included]
/etc/exim4/passwd.client [Errno 13] Permission denied: '/etc/exim4/passwd.client'

--
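
Added example, not part of the original report and not Exim or Debian code: a Python check that applies the ignore_target_hosts value proposed above to `exim -bt` style output and reports which routed hosts would be dropped. The addresses for mx.domain.example are constructed placeholders, and only plain IP and CIDR list items are handled, which is a simplification of Exim's host lists.

```python
import ipaddress
import re

# Value proposed in the report for the new macro. It switches the list
# separator to ';' so the IPv6 items need no colon doubling.
PROPOSED = "<; 0.0.0.0 ; 127.0.0.0/8 ; ::/128 ; ::1/128"

# Constructed `exim -bt` output modelled on the report; 2001:db8::25 and
# 192.0.2.25 are documentation placeholders, not values from the page.
SAMPLE_BT = """\
lists@domain.example
  router = dnslookup_relay_to_domains, transport = remote_smtp
  host mx.domain.example [2001:db8::25] MX=0
  host mx.domain.example [192.0.2.25] MX=0
  host myexim.otherdomain.example  [127.0.1.1] MX=10
"""

HOST_RE = re.compile(r"^\s*host\s+(\S+)\s+\[([^\]]+)\]\s+MX=(-?\d+)", re.M)


def parse_exim_list(value):
    """Split an Exim list; a leading '<' plus one character changes the separator."""
    sep = ":"
    value = value.strip()
    if value.startswith("<"):
        sep, value = value[1], value[2:]
    return [item.strip() for item in value.split(sep) if item.strip()]


def split_hosts(bt_output, ignore_list):
    """Return (kept, ignored) host tuples (name, address, mx) for an ignore list."""
    nets = [ipaddress.ip_network(i, strict=False) for i in parse_exim_list(ignore_list)]
    kept, ignored = [], []
    for name, addr, mx in HOST_RE.findall(bt_output):
        ip = ipaddress.ip_address(addr)
        hit = any(ip.version == n.version and ip in n for n in nets)
        (ignored if hit else kept).append((name, addr, int(mx)))
    return kept, ignored


if __name__ == "__main__":
    kept, ignored = split_hosts(SAMPLE_BT, PROPOSED)
    for h in kept:
        print("kept   ", h)
    for h in ignored:
        print("ignored", h)
```
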