-rw-r--r--doc/doc-docbook/spec.xfpt5
-rw-r--r--doc/doc-txt/ChangeLog3
-rw-r--r--src/src/acl.c8
-rw-r--r--test/confs/00234
-rw-r--r--test/scripts/0000-Basic/002311
-rw-r--r--test/stderr/002342
-rw-r--r--test/stdout/002318
7 files changed, 88 insertions, 3 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index d5a16cacc..77d966d6d 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -28824,7 +28824,7 @@ verified is redirected to a single address, verification continues with the new
address, and in that case, the subsequent value of &$address_data$& is the
value for the child address.
-.vitem &*verify&~=&~reverse_host_lookup*&
+.vitem &*verify&~=&~reverse_host_lookup/*&<&'options'&>
.cindex "&%verify%& ACL condition"
.cindex "&ACL;" "verifying host reverse lookup"
.cindex "host" "verifying reverse lookup"
@@ -28835,6 +28835,9 @@ Verification ensures that the host name obtained from a reverse DNS lookup, or
one of its aliases, does, when it is itself looked up in the DNS, yield the
original IP address.
+There is one possible option, &`defer_ok`&. If this is present and a
+DNS operation returns a temporary error, the verify condition succeeds.
+
If this condition is used for a locally generated message (that is, when there
is no client host involved), it always succeeds.
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 57df78280..bfe872503 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -47,6 +47,9 @@ JH/11 The incoming_interface log option now also enables logging of the
JH/12 The cutthrough-routing facility now supports multi-recipient mails,
if the interface and destination host and port all match.
+JH/13 Bug 344: The verify = reverse_host_lookup ACL condition now accepts a
+ /defer_ok option.
+
Exim version 4.85
diff --git a/src/src/acl.c b/src/src/acl.c
index 06c1c494c..f0716e016 100644
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -1662,7 +1662,7 @@ typedef struct {
unsigned alt_opt_sep; /* >0 Non-/ option separator (custom parser) */
} verify_type_t;
static verify_type_t verify_type_list[] = {
- { US"reverse_host_lookup", VERIFY_REV_HOST_LKUP, ~0, TRUE, 0 },
+ { US"reverse_host_lookup", VERIFY_REV_HOST_LKUP, ~0, FALSE, 0 },
{ US"certificate", VERIFY_CERT, ~0, TRUE, 0 },
{ US"helo", VERIFY_HELO, ~0, TRUE, 0 },
{ US"csa", VERIFY_CSA, ~0, FALSE, 0 },
@@ -1783,7 +1783,11 @@ switch(vp->value)
{
case VERIFY_REV_HOST_LKUP:
if (sender_host_address == NULL) return OK;
- return acl_verify_reverse(user_msgptr, log_msgptr);
+ if ((rc = acl_verify_reverse(user_msgptr, log_msgptr)) == DEFER)
+ while ((ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)))
+ if (strcmpic(ss, US"defer_ok") == 0)
+ return OK;
+ return rc;
case VERIFY_CERT:
/* TLS certificate verification is done at STARTTLS time; here we just
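Review bot: Any option other than `defer_ok` is silently ignored in the `VERIFY_REV_HOST_LKUP` case, because the list is scanned only when `acl_verify_reverse()` returns DEFER and only for that one string, and the table entry's fourth field is now `FALSE`, which presumably was what rejected options before. A misspelt `/defer_ok` therefore leaves the administrator believing the check tolerates DNS outages when it does not, and nothing reports the typo. Parsing the options before the lookup and returning an error for unknown items fixes this; the sketch below assumes `string_sprintf` and the `ERROR` return code are usable here as elsewhere in the ACL code. Since `defer_ok` makes the check fail open, and whoever runs the client's reverse zone influences whether the lookup defers, a log line when DEFER is converted to OK would also let operators see how often acceptance rests on it. The switch and its enclosing function continue outside the hunk.

```c
case VERIFY_REV_HOST_LKUP:
  {
  BOOL defer_ok = FALSE;
  if (sender_host_address == NULL) return OK;
  /* Parse options up front so a misspelt option is diagnosed on every
  evaluation, not only when the lookup happens to defer. */
  while ((ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)))
    if (strcmpic(ss, US"defer_ok") == 0)
      defer_ok = TRUE;
    else
      {
      *log_msgptr = string_sprintf("unknown option \"%s\" for "
        "verify = reverse_host_lookup", ss);
      return ERROR;
      }
  rc = acl_verify_reverse(user_msgptr, log_msgptr);
  return (rc == DEFER && defer_ok) ? OK : rc;
  }
```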
diff --git a/test/confs/0023 b/test/confs/0023
index 2e5e15cb2..43f140d65 100644
--- a/test/confs/0023
+++ b/test/confs/0023
@@ -98,6 +98,10 @@ acl_9_9_9:
acl_V4NET_0_0:
require verify = reverse_host_lookup
accept
+acl_V4NET_99_99:
+ accept local_parts = defer_ok
+ verify = reverse_host_lookup/defer_ok
+ accept verify = reverse_host_lookup
acl_V4NET_11_12:
deny message = host in DNS list $dnslist_domain: $dnslist_text
diff --git a/test/scripts/0000-Basic/0023 b/test/scripts/0000-Basic/0023
index 51e7123d0..3c028a1f0 100644
--- a/test/scripts/0000-Basic/0023
+++ b/test/scripts/0000-Basic/0023
@@ -189,6 +189,17 @@ mail from:<>
rcpt to:<x@y>
quit
****
+# This resolves to a name which will give `try again' when looked up
+exim -bh V4NET.99.99.96
+mail from:<>
+rcpt to:<x@y>
+quit
+****
+exim -bh V4NET.99.99.96
+mail from:<>
+rcpt to:<defer_ok@y>
+quit
+****
exim -bh 29.29.29.29
mail from:<a@localhost>
rcpt to:<x@y>
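Review bot: Both added sessions connect from V4NET.99.99.96, whose name lookup defers, so the tests pin only the DEFER path of `/defer_ok`. No session shows that a hard reverse-lookup failure is still rejected when the recipient is `defer_ok@y`, and none covers an unrecognised option after `reverse_host_lookup/`. A session from a host that (presumably) selects `acl_V4NET_99_99` and whose lookup fails outright, if the test DNS data has or can be given one, sent with `rcpt to:<defer_ok@y>`, would guard against the option ever widening to accept failures.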
diff --git a/test/stderr/0023 b/test/stderr/0023
index 89c1d3993..7da373917 100644
--- a/test/stderr/0023
+++ b/test/stderr/0023
@@ -1128,6 +1128,48 @@ LOG: H=[V4NET.0.0.97] F=<> rejected RCPT <x@y>: host lookup failed for reverse l
>>> host in helo_verify_hosts? no (option unset)
>>> host in helo_try_verify_hosts? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)
+>>> using ACL "acl_V4NET_99_99"
+>>> processing "accept"
+>>> check local_parts = defer_ok
+>>> x in "defer_ok"? no (end of list)
+>>> accept: condition test failed in ACL "acl_V4NET_99_99"
+>>> processing "accept"
+>>> check verify = reverse_host_lookup
+>>> looking up host name to force name/address consistency check
+>>> looking up host name for V4NET.99.99.96
+>>> IP address lookup yielded "x.test.again.dns"
+>>> x.test.again.dns in dns_again_means_nonexist? no (option unset)
+>>> temporary error for host name lookup
+>>> accept: condition test deferred in ACL "acl_V4NET_99_99"
+LOG: H=[V4NET.99.99.96] F=<> temporarily rejected RCPT <x@y>: host lookup deferred for reverse lookup check
+>>> host in hosts_connection_nolog? no (option unset)
+>>> host in host_lookup? no (option unset)
+>>> host in host_reject_connection? no (option unset)
+>>> host in sender_unqualified_hosts? no (option unset)
+>>> host in recipient_unqualified_hosts? no (option unset)
+>>> host in helo_verify_hosts? no (option unset)
+>>> host in helo_try_verify_hosts? no (option unset)
+>>> host in helo_accept_junk_hosts? no (option unset)
+>>> using ACL "acl_V4NET_99_99"
+>>> processing "accept"
+>>> check local_parts = defer_ok
+>>> defer_ok in "defer_ok"? yes (matched "defer_ok")
+>>> check verify = reverse_host_lookup/defer_ok
+>>> looking up host name to force name/address consistency check
+>>> looking up host name for V4NET.99.99.96
+>>> IP address lookup yielded "x.test.again.dns"
+>>> x.test.again.dns in dns_again_means_nonexist? no (option unset)
+>>> temporary error for host name lookup
+>>> accept: condition test succeeded in ACL "acl_V4NET_99_99"
+>>> end of ACL "acl_V4NET_99_99": ACCEPT
+>>> host in hosts_connection_nolog? no (option unset)
+>>> host in host_lookup? no (option unset)
+>>> host in host_reject_connection? no (option unset)
+>>> host in sender_unqualified_hosts? no (option unset)
+>>> host in recipient_unqualified_hosts? no (option unset)
+>>> host in helo_verify_hosts? no (option unset)
+>>> host in helo_try_verify_hosts? no (option unset)
+>>> host in helo_accept_junk_hosts? no (option unset)
>>> using ACL "acl_29_29_29"
>>> processing "deny"
>>> check dnslists = test.ex/$sender_address_domain
diff --git a/test/stdout/0023 b/test/stdout/0023
index b805f334b..a835f2a4e 100644
--- a/test/stdout/0023
+++ b/test/stdout/0023
@@ -302,6 +302,24 @@
550 Administrative prohibition
221 myhost.test.ex closing connection
+**** SMTP testing session as if from host V4NET.99.99.96
+**** but without any ident (RFC 1413) callback.
+**** This is not for real!
+
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+250 OK
+451 Temporary local problem - please try later
+221 myhost.test.ex closing connection
+
+**** SMTP testing session as if from host V4NET.99.99.96
+**** but without any ident (RFC 1413) callback.
+**** This is not for real!
+
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+250 OK
+250 Accepted
+221 myhost.test.ex closing connection
+
**** SMTP testing session as if from host 29.29.29.29
**** but without any ident (RFC 1413) callback.
**** This is not for real!