On Thu, 18 Nov 2021, Matt Corallo wrote:
On 11/18/21 16:49, John Hardin wrote:
On Thu, 18 Nov 2021, Matt Corallo wrote:
I followed up on the exim-users list on this - Exim *did* verify the
FcRDNS here and the above header line is what it generates by default for
FcRDNS. The RFC quote they responded with is at [1]. A FcRDNS-failed
received line is at [2].
I've modified that rule a bit to also look at the HELO and envelope From
address to see if they are from Shopify. Granted that's less reliable than
rDNS, but it's probably Good Enough.
Note that the subject is, in hindsight, a bit of a misnomer.
Not really - it is accurate, but the scope was found to be larger. If this
discussion continues, it might be reasonable to re-title the thread to be
more representative. Perhaps "SA mis-parsing Exim Received headers".
Obviously there's a ton of rules that rely on FcRDNS, and in this case it
seems like Exim's Received lines just do not match SA's current detection,
causing this and many other rules to fail.
Recognized. Sadly, it won't be fixed in 3.4.x
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79