From 1f155f8e69b44ee7678dd1009ae0348e5c8d768e Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Tue, 19 May 2015 22:32:38 +0100 Subject: Change host_lookup re-forward from byname to bydns; checking DNSSEC --- doc/doc-docbook/spec.xfpt | 6 +-- doc/doc-txt/ChangeLog | 3 ++ src/src/functions.h | 3 +- src/src/host.c | 39 ++++++++-------- src/src/ip.c | 4 +- src/src/routers/iplookup.c | 1 + src/src/smtp_in.c | 4 ++ src/src/verify.c | 4 ++ test/stderr/0002 | 11 ++--- test/stderr/0020 | 113 ++++++--------------------------------------- test/stderr/0023 | 8 +--- test/stderr/0062 | 12 ----- test/stderr/0063 | 6 --- test/stderr/0064 | 6 --- test/stderr/0066 | 3 -- test/stderr/0069 | 3 -- test/stderr/0070 | 12 ----- test/stderr/0089 | 3 -- test/stderr/0094 | 15 ++---- test/stderr/0303 | 6 --- test/stderr/0308 | 3 -- test/stderr/0381 | 12 ++--- test/stderr/1000 | 3 -- test/stderr/2202 | 7 ++- 24 files changed, 67 insertions(+), 220 deletions(-) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index d4ebf464d..c1668c7ac 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -12223,7 +12223,8 @@ received. It is empty if there was no successful authentication. See also If an attempt to populate &$sender_host_name$& has been made (by reference, &%hosts_lookup%& or otherwise) then this boolean will have been set true if, and only if, the -resolver library states that the reverse DNS was authenticated data. At all +resolver library states that both +the reverse and forward DNS were authenticated data. At all other times, this variable is false. It is likely that you will need to coerce DNSSEC support on in the resolver 
@@ -12235,9 +12236,6 @@ dns_dnssec_ok = 1 Exim does not perform DNSSEC validation itself, instead leaving that to a validating resolver (eg, unbound, or bind with suitable configuration). -Exim does not (currently) check to see if the forward DNS was also secured -with DNSSEC, only the reverse DNS. - If you have changed &%host_lookup_order%& so that &`bydns`& is not the first mechanism in the list, then this variable will be false. diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 789887e35..c6825d5be 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -103,6 +103,9 @@ JH/28 Bug 1588: Do not use the A lookup following an AAAA for setting the FQDN. JH/29 Bug 1632: Removed the word "rejected" from line logged for ACL discards. +JH/30 Check the forward DNS lookup for DNSSEC, in addition to the reverse, + when evaluating $sender_host_dnssec. + Exim version 4.85 ----------------- diff --git a/src/src/functions.h b/src/src/functions.h index 6b0689b3c..c3095c06b 100644 --- a/src/src/functions.h +++ b/src/src/functions.h @@ -197,7 +197,8 @@ extern void host_build_hostlist(host_item **, const uschar *, BOOL); extern ip_address_item *host_build_ifacelist(const uschar *, uschar *); extern void host_build_log_info(void); extern void host_build_sender_fullhost(void); -extern BOOL host_find_byname(host_item *, const uschar *, int, const uschar **, BOOL); +extern BOOL host_find_byname(host_item *, const uschar *, int, + const uschar **, BOOL); extern int host_find_bydns(host_item *, const uschar *, int, uschar *, uschar *, uschar *, const dnssec_domains *, const uschar **, BOOL *); extern ip_address_item *host_find_interfaces(void); diff --git a/src/src/host.c b/src/src/host.c index b3d38c578..4772a7c6c 100644 --- a/src/src/host.c +++ b/src/src/host.c 
@@ -1639,8 +1639,7 @@ if (running_in_test_harness && /* Do lookups directly in the DNS or via gethostbyaddr() (or equivalent), in the order specified by the host_lookup_order option. */ -while ((ordername = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) - != NULL) +while ((ordername = string_nextinlist(&list, &sep, buffer, sizeof(buffer)))) { if (strcmpic(ordername, US"bydns") == 0) { @@ -1661,8 +1660,6 @@ while ((ordername = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) int count = 0; int old_pool = store_pool; - /* Ideally we'd check DNSSEC both forward and reverse, but we use the - gethost* routines for forward, so can't do that unless/until we rewrite. */ sender_host_dnssec = dns_is_secure(&dnsa); DEBUG(D_dns) debug_printf("Reverse DNS security status: %s\n", @@ -1710,8 +1707,8 @@ while ((ordername = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) "empty name: treated as non-existent host name\n"); continue; } - if (sender_host_name == NULL) sender_host_name = s; - else *aptr++ = s; + if (!sender_host_name) sender_host_name = s; + else *aptr++ = s; while (*s != 0) { *s = tolower(*s); s++; } } 
@@ -1790,21 +1787,30 @@ for (hname = sender_host_name; hname != NULL; hname = *aliases++) int rc; BOOL ok = FALSE; host_item h; + dnssec_domains d; + h.next = NULL; h.name = hname; h.mx = MX_NONE; h.address = NULL; + d.request = sender_host_dnssec ? US"*" : NULL;; + d.require = NULL; - /* When called with the last argument FALSE, host_find_byname() won't return - HOST_FOUND_LOCAL. If the incoming address is an IPv4 address expressed in - IPv6 format, we must compare the IPv4 part to any IPv4 addresses. */ - - if ((rc = host_find_byname(&h, NULL, 0, NULL, FALSE)) == HOST_FOUND) + if ( (rc = host_find_bydns(&h, NULL, HOST_FIND_BY_A, + NULL, NULL, NULL, &d, NULL, NULL)) == HOST_FOUND + || rc == HOST_FOUND_LOCAL + ) { host_item *hh; HDEBUG(D_host_lookup) debug_printf("checking addresses for %s\n", hname); + + /* If the forward lookup was not secure we cancel the is-secure variable */ + + DEBUG(D_dns) debug_printf("Forward DNS security status: %s\n", + h.dnssec == DS_YES ? "DNSSEC verified (AD)" : "unverified"); + if (h.dnssec != DS_YES) sender_host_dnssec = FALSE; + for (hh = &h; hh != NULL; hh = hh->next) - { if (host_is_in_net(hh->address, sender_host_address, 0)) { HDEBUG(D_host_lookup) debug_printf(" %s OK\n", hh->address); @@ -1812,10 +1818,8 @@ for (hname = sender_host_name; hname != NULL; hname = *aliases++) break; } else - { HDEBUG(D_host_lookup) debug_printf(" %s\n", hh->address); - } - } + if (!ok) HDEBUG(D_host_lookup) debug_printf("no IP address for %s matched %s\n", hname, sender_host_address); @@ -1828,9 +1832,7 @@ for (hname = sender_host_name; hname != NULL; hname = *aliases++) return DEFER; } else - { HDEBUG(D_host_lookup) debug_printf("no IP addresses found for %s\n", hname); - } /* If this name is no good, and it's the sender name, set it null pro tem; if it's an alias, just remove it from the list. */ 
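Review bot: In the forward-confirmation hunk (@@ -1790) the new test `if (h.dnssec != DS_YES) sender_host_dnssec = FALSE;` reads a field of the stack-allocated `h` that this code never initialises; only `next`, `name`, `mx` and `address` are assigned before the call. host_find_bydns() is not shown on this page, so if any path returning HOST_FOUND or HOST_FOUND_LOCAL leaves `dnssec` untouched, `$sender_host_dnssec` (which ACLs may treat as a trust signal) would depend on stack residue; adding `h.dnssec = DS_UNK;` beside the other assignments makes the result fail closed regardless of the callee. The `;;` ending the `d.request` line should be a single `;`. The deleted comment could also be replaced by one saying that forward confirmation now queries the DNS directly instead of the gethost* routines, so names known only to other resolver sources are presumably no longer confirmed. The enclosing for loop begins before this hunk and continues into the two hunks that follow.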
@@ -2539,8 +2541,7 @@ that gets set for DNS syntax check errors. */ if (fully_qualified_name != NULL) *fully_qualified_name = host->name; dns_init((whichrrs & HOST_FIND_QUALIFY_SINGLE) != 0, (whichrrs & HOST_FIND_SEARCH_PARENTS) != 0, - dnssec_request - ); + dnssec_request); host_find_failed_syntax = FALSE; /* First, if requested, look for SRV records. The service name is given; we diff --git a/src/src/ip.c b/src/src/ip.c index f6c7433f5..9a7444ed8 100644 --- a/src/src/ip.c +++ b/src/src/ip.c @@ -309,8 +309,8 @@ else if (string_is_ip_address(hostname, NULL) != 0) else { shost.name = string_copy(hostname); - if (host_find_byname(&shost, NULL, HOST_FIND_QUALIFY_SINGLE, NULL, - FALSE) != HOST_FOUND) + if (host_find_byname(&shost, NULL, HOST_FIND_QUALIFY_SINGLE, + NULL, FALSE) != HOST_FOUND) { *errstr = string_sprintf("no IP address found for host %s", shost.name); return -1; diff --git a/src/src/routers/iplookup.c b/src/src/routers/iplookup.c index 33329f887..79d083ef2 100644 --- a/src/src/routers/iplookup.c +++ b/src/src/routers/iplookup.c @@ -207,6 +207,7 @@ while ((hostname = string_nextinlist(&listptr, &sep, host_buffer, host->address = host->name; else { +/*XXX might want dnssec request/require on an iplookup router? */ int rc = host_find_byname(host, NULL, HOST_FIND_QUALIFY_SINGLE, NULL, TRUE); if (rc == HOST_FIND_FAILED || rc == HOST_FIND_AGAIN) continue; } diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index 37cc023d3..b2f8b0fc8 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -3009,6 +3009,7 @@ else if (helo_verified) { + /*XXX have sender_host_dnssec */ HDEBUG(D_receive) debug_printf("matched host name\n"); } else @@ -3018,6 +3019,7 @@ else { helo_verified = strcmpic(*aliases++, sender_helo_name) == 0; if (helo_verified) break; + /*XXX have sender_host_dnssec */ } HDEBUG(D_receive) { 
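Review bot: In src/src/smtp_in.c the two added `/*XXX have sender_host_dnssec */` markers sit on opposite outcomes: in the @@ -3009 hunk the marker is inside the `if (helo_verified)` branch, but in the @@ -3018 hunk it follows `if (helo_verified) break;`, so it is reached only when an alias did not match. If the intent is to mark where a verified HELO could take the DNSSEC status into account, the second marker belongs before that line, and both would read better spelled out, e.g. `/*XXX sender_host_dnssec is known here but is not yet recorded against helo_verified */`. The surrounding function starts and ends outside these hunks.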
@@ -3039,6 +3041,8 @@ else h.next = NULL; HDEBUG(D_receive) debug_printf("getting IP address for %s\n", sender_helo_name); +/*XXX would like to determine dnssec status here */ +/* need to change to bydns */ rc = host_find_byname(&h, NULL, 0, NULL, TRUE); if (rc == HOST_FOUND || rc == HOST_FOUND_LOCAL) { diff --git a/src/src/verify.c b/src/src/verify.c index 10cef82f1..506b7e09b 100644 --- a/src/src/verify.c +++ b/src/src/verify.c @@ -3245,6 +3245,10 @@ if (*t == 0) h.address = NULL; h.mx = MX_NONE; + /* Using byname rather than bydns here means we cannot determine dnssec + status. On the other hand it is unclear how that could be either + propagated up or enforced. */ + rc = host_find_byname(&h, NULL, HOST_FIND_QUALIFY_SINGLE, NULL, FALSE); if (rc == HOST_FOUND || rc == HOST_FOUND_LOCAL) { diff --git a/test/stderr/0002 b/test/stderr/0002 index 2d0d1ab41..b4f06a104 100644 --- a/test/stderr/0002 +++ b/test/stderr/0002 @@ -117,10 +117,7 @@ expanding: ----> No lookup yet: ${if eq{black}{white}{$sender_host_name}{No}} result: ----> No lookup yet: No looking up host name for V4NET.0.0.1 IP address lookup yielded "ten-1.test.ex" -using host_fake_gethostbyname for ten-1.test.ex (IPv4) -MUNGED: ::1 will be omitted in what follows -get[host|ipnode]byname[2] looked up these IP addresses: - name=ten-1.test.ex address=V4NET.0.0.1 +ten-1.test.ex V4NET.0.0.1 mx=-1 sort=xx checking addresses for ten-1.test.ex V4NET.0.0.1 OK sender_fullhost = ten-1.test.ex [V4NET.0.0.1] 
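Review bot: The HELO-name forward lookup in the src/src/smtp_in.c hunk at @@ -3039 still calls `host_find_byname(&h, NULL, 0, NULL, TRUE)`, so whatever is decided from the addresses it returns carries no DNSSEC assurance even after this commit; the added two-part XXX comment records the plan but not that consequence. I would merge it into one comment indented with the code, such as `/*XXX this lookup goes via byname, so the HELO check here is not DNSSEC-checked; needs changing to bydns */`. The comment added in the verify.c hunk that follows states the same limitation more fully and could serve as the model. The enclosing function is not fully visible in the hunk.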
@@ -160,13 +157,11 @@ looking up host name for V4NET.0.0.1 DNS lookup of 1.0.0.V4NET.in-addr.arpa (PTR) using fakens DNS lookup of 1.0.0.V4NET.in-addr.arpa (PTR) succeeded IP address lookup yielded "ten-1.test.ex" -using host_fake_gethostbyname for ten-1.test.ex (IPv4) DNS lookup of ten-1.test.ex (A) using fakens DNS lookup of ten-1.test.ex (A) succeeded -MUNGED: ::1 will be omitted in what follows -get[host|ipnode]byname[2] looked up these IP addresses: - name=ten-1.test.ex address=V4NET.0.0.1 +ten-1.test.ex V4NET.0.0.1 mx=-1 sort=xx checking addresses for ten-1.test.ex +Forward DNS security status: unverified V4NET.0.0.1 OK sender_fullhost = ten-1.test.ex [V4NET.0.0.1] sender_rcvhost = ten-1.test.ex ([V4NET.0.0.1]) diff --git a/test/stderr/0020 b/test/stderr/0020 index ee9c757d8..dc674fc69 100644 --- a/test/stderr/0020 +++ b/test/stderr/0020 
@@ -2,114 +2,27 @@ >>> host in host_lookup? yes (matched "10.250.104.0/21") >>> looking up host name for 10.250.104.42 >>> IP address lookup yielded "manyhome.test.ex" -MUNGED: ::1 will be omitted in what follows ->>> get[host|ipnode]byname[2] looked up these IP addresses: ->>> name=manyhome.test.ex address=10.250.104.0 ->>> name=manyhome.test.ex address=10.250.104.1 ->>> name=manyhome.test.ex address=10.250.104.2 ->>> name=manyhome.test.ex address=10.250.104.3 ->>> name=manyhome.test.ex address=10.250.104.4 ->>> name=manyhome.test.ex address=10.250.104.5 ->>> name=manyhome.test.ex address=10.250.104.6 ->>> name=manyhome.test.ex address=10.250.104.7 ->>> name=manyhome.test.ex address=10.250.104.8 ->>> name=manyhome.test.ex address=10.250.104.9 ->>> name=manyhome.test.ex address=10.250.104.10 ->>> name=manyhome.test.ex address=10.250.104.11 ->>> name=manyhome.test.ex address=10.250.104.12 ->>> name=manyhome.test.ex address=10.250.104.13 ->>> name=manyhome.test.ex address=10.250.104.14 ->>> name=manyhome.test.ex address=10.250.104.15 ->>> name=manyhome.test.ex address=10.250.104.16 ->>> name=manyhome.test.ex address=10.250.104.17 ->>> name=manyhome.test.ex address=10.250.104.18 ->>> name=manyhome.test.ex address=10.250.104.19 ->>> name=manyhome.test.ex address=10.250.104.20 ->>> name=manyhome.test.ex address=10.250.104.21 ->>> name=manyhome.test.ex address=10.250.104.22 ->>> name=manyhome.test.ex address=10.250.104.23 ->>> name=manyhome.test.ex address=10.250.104.24 ->>> name=manyhome.test.ex address=10.250.104.25 ->>> name=manyhome.test.ex address=10.250.104.26 ->>> name=manyhome.test.ex address=10.250.104.27 ->>> name=manyhome.test.ex address=10.250.104.28 ->>> name=manyhome.test.ex address=10.250.104.29 ->>> name=manyhome.test.ex address=10.250.104.30 ->>> name=manyhome.test.ex address=10.250.104.31 ->>> name=manyhome.test.ex address=10.250.104.32 ->>> name=manyhome.test.ex address=10.250.104.33 ->>> name=manyhome.test.ex address=10.250.104.34 ->>> 
name=manyhome.test.ex address=10.250.104.35 ->>> name=manyhome.test.ex address=10.250.104.36 ->>> name=manyhome.test.ex address=10.250.104.37 ->>> name=manyhome.test.ex address=10.250.104.38 ->>> name=manyhome.test.ex address=10.250.104.39 ->>> name=manyhome.test.ex address=10.250.104.40 ->>> name=manyhome.test.ex address=10.250.104.41 ->>> name=manyhome.test.ex address=10.250.104.42 ->>> name=manyhome.test.ex address=10.250.104.43 ->>> name=manyhome.test.ex address=10.250.104.44 ->>> name=manyhome.test.ex address=10.250.104.45 ->>> name=manyhome.test.ex address=10.250.104.46 ->>> name=manyhome.test.ex address=10.250.104.47 ->>> name=manyhome.test.ex address=10.250.104.48 ->>> name=manyhome.test.ex address=10.250.104.49 ->>> name=manyhome.test.ex address=10.250.104.50 ->>> name=manyhome.test.ex address=10.250.104.51 ->>> name=manyhome.test.ex address=10.250.104.52 ->>> name=manyhome.test.ex address=10.250.104.53 ->>> name=manyhome.test.ex address=10.250.104.54 ->>> name=manyhome.test.ex address=10.250.104.55 ->>> name=manyhome.test.ex address=10.250.104.56 ->>> name=manyhome.test.ex address=10.250.104.57 ->>> name=manyhome.test.ex address=10.250.104.58 ->>> name=manyhome.test.ex address=10.250.104.59 ->>> name=manyhome.test.ex address=10.250.104.60 ->>> name=manyhome.test.ex address=10.250.104.61 ->>> name=manyhome.test.ex address=10.250.104.62 >>> checking addresses for manyhome.test.ex ->>> 10.250.104.0 ->>> 10.250.104.1 +>>> 10.250.104.51 +>>> 10.250.104.17 >>> 10.250.104.2 ->>> 10.250.104.3 ->>> 10.250.104.4 ->>> 10.250.104.5 ->>> 10.250.104.6 ->>> 10.250.104.7 +>>> 10.250.104.26 >>> 10.250.104.8 ->>> 10.250.104.9 ->>> 10.250.104.10 ->>> 10.250.104.11 ->>> 10.250.104.12 ->>> 10.250.104.13 ->>> 10.250.104.14 ->>> 10.250.104.15 ->>> 10.250.104.16 ->>> 10.250.104.17 >>> 10.250.104.18 ->>> 10.250.104.19 ->>> 10.250.104.20 +>>> 10.250.104.25 >>> 10.250.104.21 ->>> 10.250.104.22 +>>> 10.250.104.39 +>>> 10.250.104.32 +>>> 10.250.104.29 >>> 10.250.104.23 ->>> 
10.250.104.24 ->>> 10.250.104.25 ->>> 10.250.104.26 ->>> 10.250.104.27 +>>> 10.250.104.43 +>>> 10.250.104.46 >>> 10.250.104.28 ->>> 10.250.104.29 ->>> 10.250.104.30 ->>> 10.250.104.31 ->>> 10.250.104.32 ->>> 10.250.104.33 ->>> 10.250.104.34 ->>> 10.250.104.35 ->>> 10.250.104.36 ->>> 10.250.104.37 ->>> 10.250.104.38 ->>> 10.250.104.39 ->>> 10.250.104.40 +>>> 10.250.104.4 >>> 10.250.104.41 +>>> 10.250.104.15 +>>> 10.250.104.14 +>>> 10.250.104.45 >>> 10.250.104.42 OK >>> host in host_reject_connection? no (option unset) >>> host in sender_unqualified_hosts? no (option unset) diff --git a/test/stderr/0023 b/test/stderr/0023 index 7da373917..b05f70f39 100644 --- a/test/stderr/0023 +++ b/test/stderr/0023 @@ -1089,14 +1089,8 @@ LOG: H=[28.28.28.28] F= rejected RCPT >>> looking up host name for V4NET.0.0.3 >>> IP address lookup yielded "ten-3.test.ex" >>> alias "ten-3-alias.test.ex" -MUNGED: ::1 will be omitted in what follows ->>> get[host|ipnode]byname[2] looked up these IP addresses: ->>> name=ten-3.test.ex address=V4NET.0.0.3 >>> checking addresses for ten-3.test.ex >>> V4NET.0.0.3 OK -MUNGED: ::1 will be omitted in what follows ->>> get[host|ipnode]byname[2] looked up these IP addresses: ->>> name=ten-3-alias.test.ex address=V4NET.0.0.3 >>> checking addresses for ten-3-alias.test.ex >>> V4NET.0.0.3 OK >>> require: condition test succeeded in ACL "acl_V4NET_0_0" @@ -1139,6 +1133,7 @@ LOG: H=[V4NET.0.0.97] F=<> rejected RCPT : host lookup failed for reverse l >>> looking up host name for V4NET.99.99.96 >>> IP address lookup yielded "x.test.again.dns" >>> x.test.again.dns in dns_again_means_nonexist? no (option unset) +>>> x.test.again.dns in dns_again_means_nonexist? no (option unset) >>> temporary error for host name lookup >>> accept: condition test deferred in ACL "acl_V4NET_99_99" LOG: H=[V4NET.99.99.96] F=<> temporarily rejected RCPT : host lookup deferred for reverse lookup check 
@@ -1159,6 +1154,7 @@ LOG: H=[V4NET.99.99.96] F=<> temporarily rejected RCPT : host lookup deferr >>> looking up host name for V4NET.99.99.96 >>> IP address lookup yielded "x.test.again.dns" >>> x.test.again.dns in dns_again_means_nonexist? no (option unset) +>>> x.test.again.dns in dns_again_means_nonexist? no (option unset) >>> temporary error for host name lookup >>> accept: condition test succeeded in ACL "acl_V4NET_99_99" >>> end of ACL "acl_V4NET_99_99": ACCEPT diff --git a/test/stderr/0062 b/test/stderr/0062 index 936b6961e..6bd2424ec 100644 --- a/test/stderr/0062 +++ b/test/stderr/0062 @@ -29,9 +29,6 @@ >>> sender host name required, to match against *-2.test.ex >>> looking up host name for V4NET.0.0.1 >>> IP address lookup yielded "ten-1.test.ex" -MUNGED: ::1 will be omitted in what follows ->>> get[host|ipnode]byname[2] looked up these IP addresses: ->>> name=ten-1.test.ex address=V4NET.0.0.1 >>> checking addresses for ten-1.test.ex >>> V4NET.0.0.1 OK >>> host in "*-2.test.ex : *-3-alias.test.ex"? no (end of list) @@ -78,9 +75,6 @@ LOG: 10HmaX-0005vi-00 <= userx@somehost.example.com H=ten-1.test.ex [V4NET.0.0.1 >>> sender host name required, to match against *-2.test.ex >>> looking up host name for V4NET.0.0.2 >>> IP address lookup yielded "ten-2.test.ex" -MUNGED: ::1 will be omitted in what follows ->>> get[host|ipnode]byname[2] looked up these IP addresses: ->>> name=ten-2.test.ex address=V4NET.0.0.2 >>> checking addresses for ten-2.test.ex >>> V4NET.0.0.2 OK >>> host in "*-2.test.ex : *-3-alias.test.ex"? yes (matched "*-2.test.ex") 
@@ -124,14 +118,8 @@ LOG: 10HmaY-0005vi-00 <= userx@somehost.example.com H=ten-2.test.ex [V4NET.0.0.2 >>> looking up host name for V4NET.0.0.3 >>> IP address lookup yielded "ten-3.test.ex" >>> alias "ten-3-alias.test.ex" -MUNGED: ::1 will be omitted in what follows ->>> get[host|ipnode]byname[2] looked up these IP addresses: ->>> name=ten-3.test.ex address=V4NET.0.0.3 >>> checking addresses for ten-3.test.ex >>> V4NET.0.0.3 OK -MUNGED: ::1 will be omitted in what follows ->>> get[host|ipnode]byname[2] looked up these IP addresses: ->>> name=ten-3-alias.test.ex address=V4NET.0.0.3 >>> checking addresses for ten-3-alias.test.ex >>> V4NET.0.0.3 OK >>> host in "*-2.test.ex : *-3-alias.test.ex"? yes (matched "*-3-alias.test.ex") diff --git a/test/stderr/0063 b/test/stderr/0063 index a32d69978..b2dddb909 100644 --- a/test/stderr/0063 +++ b/test/stderr/0063 @@ -29,9 +29,6 @@ >>> sender host name required, to match against ^[^\d]+2 >>> looking up host name for V4NET.0.0.1 >>> IP address lookup yielded "ten-1.test.ex" -MUNGED: ::1 will be omitted in what follows ->>> get[host|ipnode]byname[2] looked up these IP addresses: ->>> name=ten-1.test.ex address=V4NET.0.0.1 >>> checking addresses for ten-1.test.ex >>> V4NET.0.0.1 OK >>> host in "^[^\d]+2"? no (end of list) @@ -74,9 +71,6 @@ LOG: 10HmaX-0005vi-00 <= userx@somehost.example.com H=ten-1.test.ex [V4NET.0.0.1 >>> sender host name required, to match against ^[^\d]+2 >>> looking up host name for V4NET.0.0.2 >>> IP address lookup yielded "ten-2.test.ex" -MUNGED: ::1 will be omitted in what follows ->>> get[host|ipnode]byname[2] looked up these IP addresses: ->>> name=ten-2.test.ex address=V4NET.0.0.2 >>> checking addresses for ten-2.test.ex >>> V4NET.0.0.2 OK >>> host in "^[^\d]+2"? yes (matched "^[^\d]+2") diff --git a/test/stderr/0064 b/test/stderr/0064 index 82b68bbc2..179cd8bb8 100644 --- a/test/stderr/0064 +++ b/test/stderr/0064 
@@ -29,9 +29,6 @@ >>> sender host name required, to match against lsearch;TESTSUITE/aux-fixed/0064.hosts >>> looking up host name for V4NET.0.0.1 >>> IP address lookup yielded "ten-1.test.ex" -MUNGED: ::1 will be omitted in what follows ->>> get[host|ipnode]byname[2] looked up these IP addresses: ->>> name=ten-1.test.ex address=V4NET.0.0.1 >>> checking addresses for ten-1.test.ex >>> V4NET.0.0.1 OK >>> host in "lsearch;TESTSUITE/aux-fixed/0064.hosts"? no (end of list) @@ -74,9 +71,6 @@ LOG: 10HmaX-0005vi-00 <= userx@somehost.example.com H=ten-1.test.ex [V4NET.0.0.1 >>> sender host name required, to match against lsearch;TESTSUITE/aux-fixed/0064.hosts >>> looking up host name for V4NET.0.0.2 >>> IP address lookup yielded "ten-2.test.ex" -MUNGED: ::1 will be omitted in what follows ->>> get[host|ipnode]byname[2] looked up these IP addresses: ->>> name=ten-2.test.ex address=V4NET.0.0.2 >>> checking addresses for ten-2.test.ex >>> V4NET.0.0.2 OK >>> host in "lsearch;TESTSUITE/aux-fixed/0064.hosts"? yes (matched "lsearch;TESTSUITE/aux-fixed/0064.hosts") diff --git a/test/stderr/0066 b/test/stderr/0066 index de0821ac4..55973c8e9 100644 --- a/test/stderr/0066 +++ b/test/stderr/0066 @@ -280,9 +280,6 @@ MUNGED: ::1 will be omitted in what follows >>> sender host name required, to match against *-1.test.ex >>> looking up host name for V4NET.0.0.1 >>> IP address lookup yielded "ten-1.test.ex" -MUNGED: ::1 will be omitted in what follows ->>> get[host|ipnode]byname[2] looked up these IP addresses: ->>> name=ten-1.test.ex address=V4NET.0.0.1 >>> checking addresses for ten-1.test.ex >>> V4NET.0.0.1 OK >>> host in "!TESTSUITE/aux-fixed/0066.nothosts : TESTSUITE/aux-var/0066.hostnets"? yes (matched "*-1.test.ex" in TESTSUITE/aux-var/0066.hostnets) diff --git a/test/stderr/0069 b/test/stderr/0069 index 9008167df..0af08eaa6 100644 --- a/test/stderr/0069 +++ b/test/stderr/0069 
@@ -4,9 +4,6 @@ >>> sender host name required, to match against ^ten-1\.test\.ex >>> looking up host name for V4NET.0.0.1 >>> IP address lookup yielded "ten-1.test.ex" -MUNGED: ::1 will be omitted in what follows ->>> get[host|ipnode]byname[2] looked up these IP addresses: ->>> name=ten-1.test.ex address=V4NET.0.0.1 >>> checking addresses for ten-1.test.ex >>> V4NET.0.0.1 OK >>> host in sender_unqualified_hosts? yes (matched "^ten-1\.test\.ex") diff --git a/test/stderr/0070 b/test/stderr/0070 index 0453d22eb..2bf1e9cdf 100644 --- a/test/stderr/0070 +++ b/test/stderr/0070 @@ -106,9 +106,6 @@ MUNGED: ::1 will be omitted in what follows >>> verifying EHLO/HELO argument "ten-1.test.ex" >>> looking up host name for V4NET.0.0.1 >>> IP address lookup yielded "ten-1.test.ex" -MUNGED: ::1 will be omitted in what follows ->>> get[host|ipnode]byname[2] looked up these IP addresses: ->>> name=ten-1.test.ex address=V4NET.0.0.1 >>> checking addresses for ten-1.test.ex >>> V4NET.0.0.1 OK >>> matched host name @@ -130,14 +127,8 @@ MUNGED: ::1 will be omitted in what follows >>> looking up host name for V4NET.0.0.3 >>> IP address lookup yielded "ten-3.test.ex" >>> alias "ten-3-alias.test.ex" -MUNGED: ::1 will be omitted in what follows ->>> get[host|ipnode]byname[2] looked up these IP addresses: ->>> name=ten-3.test.ex address=V4NET.0.0.3 >>> checking addresses for ten-3.test.ex >>> V4NET.0.0.3 OK -MUNGED: ::1 will be omitted in what follows ->>> get[host|ipnode]byname[2] looked up these IP addresses: ->>> name=ten-3-alias.test.ex address=V4NET.0.0.3 >>> checking addresses for ten-3-alias.test.ex >>> V4NET.0.0.3 OK >>> matched host name 
@@ -164,9 +155,6 @@ MUNGED: ::1 will be omitted in what follows >>> verifying EHLO/HELO argument "rhubarb" >>> looking up host name for V4NET.0.0.1 >>> IP address lookup yielded "ten-1.test.ex" -MUNGED: ::1 will be omitted in what follows ->>> get[host|ipnode]byname[2] looked up these IP addresses: ->>> name=ten-1.test.ex address=V4NET.0.0.1 >>> checking addresses for ten-1.test.ex >>> V4NET.0.0.1 OK >>> getting IP address for rhubarb diff --git a/test/stderr/0089 b/test/stderr/0089 index bacb2914f..00b552e2d 100644 --- a/test/stderr/0089 +++ b/test/stderr/0089 @@ -50,9 +50,6 @@ LOG: H=(abc_xyz) [V4NET.0.0.0] F= rejected RCPT >> sender host name required, to match against *N-99.test.EX >>> looking up host name for V4NET.0.0.99 >>> IP address lookup yielded "ten-99.test.ex" -MUNGED: ::1 will be omitted in what follows ->>> get[host|ipnode]byname[2] looked up these IP addresses: ->>> name=ten-99.test.ex address=V4NET.0.0.99 >>> checking addresses for ten-99.test.ex >>> V4NET.0.0.99 OK >>> host in sender_unqualified_hosts? yes (matched "*N-99.test.EX") diff --git a/test/stderr/0094 b/test/stderr/0094 index b9249cc94..5ab751696 100644 --- a/test/stderr/0094 +++ b/test/stderr/0094 @@ -33,9 +33,6 @@ LOG: H=[V4NET.11.12.13] F= rejected RCPT : rel >>> host in host_lookup? yes (matched "0.0.0.0/0") >>> looking up host name for V4NET.0.0.1 >>> IP address lookup yielded "ten-1.test.ex" -MUNGED: ::1 will be omitted in what follows ->>> get[host|ipnode]byname[2] looked up these IP addresses: ->>> name=ten-1.test.ex address=V4NET.0.0.1 >>> checking addresses for ten-1.test.ex >>> V4NET.0.0.1 OK >>> host in host_reject_connection? no (option unset) 
@@ -87,21 +84,17 @@ DNS lookup of 90.99.99.V4NET.in-addr.arpa (PTR) using fakens DNS lookup of 90.99.99.V4NET.in-addr.arpa (PTR) succeeded IP address lookup yielded "oneback.test.ex" alias "host1.masq.test.ex" -using host_fake_gethostbyname for oneback.test.ex (IPv4) DNS lookup of oneback.test.ex (A) using fakens DNS lookup of oneback.test.ex (A) succeeded -MUNGED: ::1 will be omitted in what follows -get[host|ipnode]byname[2] looked up these IP addresses: - name=oneback.test.ex address=V4NET.99.99.90 +oneback.test.ex V4NET.99.99.90 mx=-1 sort=xx checking addresses for oneback.test.ex +Forward DNS security status: unverified V4NET.99.99.90 OK -using host_fake_gethostbyname for host1.masq.test.ex (IPv4) DNS lookup of host1.masq.test.ex (A) using fakens DNS lookup of host1.masq.test.ex (A) succeeded -MUNGED: ::1 will be omitted in what follows -get[host|ipnode]byname[2] looked up these IP addresses: - name=host1.masq.test.ex address=V4NET.90.90.90 +host1.masq.test.ex V4NET.90.90.90 mx=-1 sort=xx checking addresses for host1.masq.test.ex +Forward DNS security status: unverified V4NET.90.90.90 no IP address for host1.masq.test.ex matched V4NET.99.99.90 sender_fullhost = oneback.test.ex [V4NET.99.99.90] diff --git a/test/stderr/0303 b/test/stderr/0303 index 3f90c7c06..02f42e0a0 100644 --- a/test/stderr/0303 +++ b/test/stderr/0303 @@ -9,9 +9,6 @@ >>> myhost.test.ex in helo_lookup_domains? yes (matched "@") >>> looking up host name for V4NET.0.0.1 >>> IP address lookup yielded "ten-1.test.ex" -MUNGED: ::1 will be omitted in what follows ->>> get[host|ipnode]byname[2] looked up these IP addresses: ->>> name=ten-1.test.ex address=V4NET.0.0.1 >>> checking addresses for ten-1.test.ex >>> V4NET.0.0.1 OK >>> host in hosts_connection_nolog? no (option unset) 
@@ -25,9 +22,6 @@ MUNGED: ::1 will be omitted in what follows >>> [127.0.0.1] in helo_lookup_domains? yes (matched "@[]") >>> looking up host name for V4NET.0.0.1 >>> IP address lookup yielded "ten-1.test.ex" -MUNGED: ::1 will be omitted in what follows ->>> get[host|ipnode]byname[2] looked up these IP addresses: ->>> name=ten-1.test.ex address=V4NET.0.0.1 >>> checking addresses for ten-1.test.ex >>> V4NET.0.0.1 OK >>> host in dsn_advertise_hosts? no (option unset) diff --git a/test/stderr/0308 b/test/stderr/0308 index d8aca4e8d..244f96c0f 100644 --- a/test/stderr/0308 +++ b/test/stderr/0308 @@ -33,9 +33,6 @@ LOG: no host name found for IP address V4NET.0.0.97 >>> sender host name required, to match against *.test.ex >>> looking up host name for V4NET.0.0.1 >>> IP address lookup yielded "ten-1.test.ex" -MUNGED: ::1 will be omitted in what follows ->>> get[host|ipnode]byname[2] looked up these IP addresses: ->>> name=ten-1.test.ex address=V4NET.0.0.1 >>> checking addresses for ten-1.test.ex >>> V4NET.0.0.1 OK >>> host in "*.test.ex"? yes (matched "*.test.ex") diff --git a/test/stderr/0381 b/test/stderr/0381 index a24ef419f..d5e9ee6fc 100644 --- a/test/stderr/0381 +++ b/test/stderr/0381 
@@ -39,21 +39,17 @@ DNS lookup of 97.99.99.V4NET.in-addr.arpa (PTR) using fakens DNS lookup of 97.99.99.V4NET.in-addr.arpa (PTR) succeeded IP address lookup yielded "x.gov.uk.test.ex" alias "x.co.uk.test.ex" -using host_fake_gethostbyname for x.gov.uk.test.ex (IPv4) DNS lookup of x.gov.uk.test.ex (A) using fakens DNS lookup of x.gov.uk.test.ex (A) succeeded -MUNGED: ::1 will be omitted in what follows -get[host|ipnode]byname[2] looked up these IP addresses: - name=x.gov.uk.test.ex address=V4NET.99.99.97 +x.gov.uk.test.ex V4NET.99.99.97 mx=-1 sort=xx checking addresses for x.gov.uk.test.ex +Forward DNS security status: unverified V4NET.99.99.97 OK -using host_fake_gethostbyname for x.co.uk.test.ex (IPv4) DNS lookup of x.co.uk.test.ex (A) using fakens DNS lookup of x.co.uk.test.ex (A) succeeded -MUNGED: ::1 will be omitted in what follows -get[host|ipnode]byname[2] looked up these IP addresses: - name=x.co.uk.test.ex address=V4NET.99.99.97 +x.co.uk.test.ex V4NET.99.99.97 mx=-1 sort=xx checking addresses for x.co.uk.test.ex +Forward DNS security status: unverified V4NET.99.99.97 OK sender_fullhost = x.gov.uk.test.ex [V4NET.99.99.97] sender_rcvhost = x.gov.uk.test.ex ([V4NET.99.99.97] ident=CALLER) diff --git a/test/stderr/1000 b/test/stderr/1000 index 6caf2cd05..efd8de912 100644 --- a/test/stderr/1000 +++ b/test/stderr/1000 @@ -22,9 +22,6 @@ LOG: H=[2001:0ab8:037f:0020:0000:0000:0000:0001] Warning: matched hostlist >>> host in host_lookup? yes (matched "*") >>> looking up host name for V6NET:1234:0005:0006:0007:0008:0abc:000d >>> IP address lookup yielded "test3.ipv6.test.ex" -MUNGED: ::1 will be omitted in what follows ->>> get[host|ipnode]byname[2] looked up these IP addresses: ->>> name=test3.ipv6.test.ex address=V6NET:1234:5:6:7:8:abc:d >>> checking addresses for test3.ipv6.test.ex >>> V6NET:1234:5:6:7:8:abc:d OK >>> host in host_reject_connection? no (option unset) diff --git a/test/stderr/2202 b/test/stderr/2202 index 2669d9373..043e99569 100644 
--- a/test/stderr/2202 +++ b/test/stderr/2202 @@ -46,13 +46,12 @@ looking up host name for ip4.ip4.ip4.ip4 DNS lookup of ip4-reverse.in-addr.arpa (PTR) using fakens DNS lookup of ip4-reverse.in-addr.arpa (PTR) succeeded IP address lookup yielded "the.local.host.name" -using host_fake_gethostbyname for the.local.host.name (IPv4) DNS lookup of the.local.host.name (A) using fakens DNS lookup of the.local.host.name (A) succeeded -MUNGED: ::1 will be omitted in what follows -get[host|ipnode]byname[2] looked up these IP addresses: - name=the.local.host.name address=ip4.ip4.ip4.ip4 +local host found for non-MX address +the.local.host.name ip4.ip4.ip4.ip4 mx=-1 sort=xx checking addresses for the.local.host.name +Forward DNS security status: unverified ip4.ip4.ip4.ip4 OK sender_fullhost = the.local.host.name [ip4.ip4.ip4.ip4] sender_rcvhost = the.local.host.name ([ip4.ip4.ip4.ip4]) -- cgit v1.2.3