Package: exim4-config Version: 4.94.2-2~zg100+3 Severity: normal Hi,
I am not sure whether this is an actual bug. I have observed this behaviod on an exim that is backup MX for domain.example. The MX records are like: domain.example mail is handled by 0 mx.domain.example. domain.example mail is handled by 10 myexim.otherdomain.example. Both hosts have both IPv4 and IPv6 addresses in DNS; the local resolver on myexim.otherdomain.example resolves its own host name to 127.0.1.1 by virtue of the normal Debian /etc/hosts file. [36/5023]mh@q:~ $ sudo exim -bt [email protected] R: domain_literal for [email protected] R: dnslookup_relay_to_domains for [email protected] [email protected] router = dnslookup_relay_to_domains, transport = remote_smtp host mx.domain.example [IPv6 address] MX=0 host mx.domain.example [IPv4 address] MX=0 host myexim.otherdomain.example [127.0.1.1] MX=10 [37/5024]mh@q:~ $ If mx.domain.example refuses mail, the local exim happily delivers to itself, causing a loop: 2021-08-18 08:06:15 1mGEiM-00089y-Vx <= [email protected] H=localhost (myexim.otherdomin.example) [127.0.0.1] P=esmtps X=TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256 CV=no K S=14699 id=<snip> 2021-08-18 08:06:15 1mGEiK-00089g-NR => [email protected] R=dnslookup_relay_to_domains T=remote_smtp H=myexim.otherdomain.example [127.0.1.1] X=TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256 CV=yes DN=<snip> K C="250- 7595 byte chunk, total 14687\\n250 OK id=1mGEiM-00089y-Vx" 2021-08-18 08:06:15 1mGEiK-00089g-NR Completed I have noticed that the dnslookup router in the upstream configure.defaut has a ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 option set, while our dnslookup_relay_to_domains router doesn't. I guess this was an omission made by myself back in 2003 when i added the dedicated handling of dnslookup for general e-mail and for domains that we have listed in dnslookup_relay_to_domains. I would like to suggest changing the dnslookup_relay_to_domains router to something like that: .ifndef ROUTER_DNSLOOKUP_RELAY_TO_DOMAINS_IGNORE_TARGET_HOSTS ROUTER_DNSLOOKUP_RELAY_TO_DOMAINS_IGNORE_TARGET_HOSTS = <; 0.0.0.0 ; 127.0.0.0/8 ; ::/128 ; ::1/128 .endif dnslookup_relay_to_domains: debug_print = "R: dnslookup_relay_to_domains for $local_part@$domain" driver = dnslookup domains = ! +local_domains : +relay_to_domains transport = remote_smtp same_domain_copy_routing = yes ignore_target_hosts = ROUTER_DNSLOOKUP_RELAY_TO_DOMAINS_IGNORE_TARGET_HOSTS no_more Or is exim supposed to never relay to itself automatically? If that is the case, more debugging is needed to find out why this happens here. Advice appreciated. Greetings Marc -- Package-specific info: Exim version 4.94.2 #2 built 04-May-2021 19:57:22 Copyright (c) University of Cambridge, 1995 - 2018 (c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018 Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013) Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DANE DKIM DNSSEC Event I18N OCSP PIPE_CONNECT PRDR PROXY SOCKS TCP_Fast_Open Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline Fixed never_users: 0 Configure owner: 0:0 Size of off_t: 8 Configuration file search path is /etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated Configuration file is /var/lib/exim4/config.autogenerated -- System Information: Debian Release: 10.10 APT prefers oldstable APT policy: (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 5.13.10-zgsrv20080 (SMP w/2 CPU cores; PREEMPT) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages exim4-config depends on: ii adduser 3.118 ii debconf [debconf-2.0] 1.5.71 Versions of packages exim4-config recommends: ii ca-certificates 20200601~deb10u2 exim4-config suggests no packages. -- Configuration Files: /etc/exim4/conf.d/acl/20_exim4-config_local_deny_exceptions changed [not included] /etc/exim4/conf.d/router/600_exim4-config_userforward changed [not included] /etc/exim4/conf.d/router/700_exim4-config_procmail changed [not included] /etc/exim4/conf.d/router/800_exim4-config_maildrop changed [not included] /etc/exim4/conf.d/router/900_exim4-config_local_user changed [not included] /etc/exim4/passwd.client [Errno 13] Permission denied: '/etc/exim4/passwd.client' -- debconf information excluded
