author Jeremy Harris <jgh146exb@wizmail.org> 2017-01-17 18:03:15 +0000
committer Jeremy Harris <jgh146exb@wizmail.org> 2017-01-19 12:25:55 +0000
commit 62ee80535b325100f05758fe1b6d22cb3cae9f73
tree 74b0ac1fc321163e87e29c25e74a1f0eef7e5935
parent 6aa6fc9c5304536913bc585d0395093213fce72d
Docs: add note on round-robin DNS problems vs. authentication
-rw-r--r-- doc/doc-docbook/spec.xfpt 13
1 files changed, 13 insertions, 0 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index db4c6e2a2..18e171036 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -25865,6 +25865,19 @@ turned into a permanent error if you wish. In the second case, Exim tries to
deliver the message unauthenticated.
.endlist
+.new
+Note that the hostlist test for whether to do authentication can be
+confused if name-IP lookups change between the time the peer is decided
+on and the transport running. For example, with a manualroute
+router given a host name, and DNS "round-robin" use by that name: if
+the local resolver cache times out between the router and the transport
+running, the transport may get an IP for the name for its authentication
+check which does not match the connection peer IP.
+No authentication will then be done, despite the names being identical.
+
+For such cases use a separate transport which alwats authenticates.
+.wen
+
.cindex "AUTH" "on MAIL command"
When Exim has authenticated itself to a remote server, it adds the AUTH
parameter to the MAIL commands it sends, if it has an authenticated sender for
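Review bot: "alwats" in the last added sentence ("For such cases use a separate transport which alwats authenticates.") should be "always". That sentence also leaves the reader to work out how a transport is made to always authenticate: the paragraph opens with "the hostlist test for whether to do authentication" without naming the option being tested, so name it here and give the setting that matches every host. It would also help to state after "No authentication will then be done" whether delivery then proceeds unauthenticated or is deferred, since that is the consequence an administrator needs to know when deciding whether the workaround is required.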