On 2021-11-18 at 17:16:14 UTC-0500 (Thu, 18 Nov 2021 22:16:14 +0000)
Jeremy Harris via Exim-users <j...@wizmail.org>
is rumored to have said:
On 18/11/2021 19:10, Bill Cole via Exim-users wrote:
Also welcome, short of a patch, would be clues about how to detect in
an Exim-written Received header when a SMTP client IP has no rDNS or
the rDNS name doesn't resolve to the client IP.
It would be more reliable to interpret an Authentication-Results
header (cf. RFC 8601),
assuming the Exim config creates one using the intended expansion item
Big assumption.
Received headers are more reliably present and we have multiple
functions dependent on parsing them. Since we only care about rDNS for
the last hop from an untrusted host to a trusted one (i.e. Received
header written by a trusted writer) and need to support use cases where
the user trusts but doesn't manage their MTA, I expect we'll need to
keep working with Received if possible.
eg:
add_header = :at_start:${authresults {$primary_hostname}}
In either case you would be dependent on an rDNS check having
done; this is not automatic and can be avoided by the config.
Checks of the peer IP against a hostlist item which is a name
will cause one, as will matching the host_lookup option or
an explicit verify=reverse_host_lookup ACL condition.
So, if none of that happens, what will the Received header look like?
Will the client domain name be just the HELO name or an IP literal or
what? Would there be any apparent difference between cases where the
lookup was never done and where it failed?
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
