Bug#267895: marked as done (verify = helo in acls needs to mention helo_try_verify_hosts)

Debian Bug Tracking System owner@bugs.debian.org
Wed, 01 Dec 2004 09:18:17 -0800 

Your message dated Wed, 1 Dec 2004 18:02:43 +0100
with message-id <20041201170243.GA3449@laptopasus.logic.univie.ac.at>
and subject line verify = helo in acls needs to mention helo_try_verify_hosts
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 24 Aug 2004 22:36:03 +0000
>From mfedyk@matchmail.com Tue Aug 24 15:36:03 2004
Return-path: <mfedyk@matchmail.com>
Received: from ip67-95-245-82.z245-95-67.customer.algx.net (fileserver.matchmail.com) [67.95.245.82] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1Bzjtb-0006Ch-00; Tue, 24 Aug 2004 15:36:03 -0700
Received: from mfedyk by fileserver.matchmail.com with local (Exim 4.34)
	id 1Bzjst-0000Mu-TO; Tue, 24 Aug 2004 15:35:20 -0700
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Mike Fedyk <mfedyk@matchmail.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: exim4: verify = helo not checking dns addresses correctly
X-Mailer: reportbug 2.63
Date: Tue, 24 Aug 2004 15:35:19 -0700
Message-Id: <E1Bzjst-0000Mu-TO@fileserver.matchmail.com>
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: exim4
Version: 4.34-4
Severity: normal

I have this[1] log entry generated from this[2] acl.

The problem is that:

host pvnsmtp02.providian.com
pvnsmtp02.providian.com A       164.109.144.240

and

host 164.109.144.240
Name: pvnsmtp02.providian.com
Address: 164.109.144.240

They match, and the verification shouldn't fail.

[1]
host 2004-08-24 15:20:54 H=pvnsmtp02.providian.com [164.109.144.240]
Warning: Remote host 164.109.144.240 (pvnsmtp02.providian.com) incorrectly
presented itself as pvnsmtp02.providian.com

[2]
  warn
    message     = X-HELO-Warning: Remote host $sender_host_address \
                  ${if def:sender_host_name {($sender_host_name) }}\
                  incorrectly presented itself as $sender_helo_name
    log_message = Remote host $sender_host_address \
                  ${if def:sender_host_name {($sender_host_name) }}\
                  incorrectly presented itself as $sender_helo_name
    !verify     = helo
					    

-- Package-specific info:
Exim version 4.34 #1 built 27-Jul-2004 18:06:50
Copyright (c) University of Cambridge 2004
Berkeley DB: Sleepycat Software: Berkeley DB 3.2.9: (May 26, 2004)
Support for: iconv() IPv6 GnuTLS
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Configuration file is /var/lib/exim4/config.autogenerated
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'

dc_eximconfig_configtype='internet'
dc_other_hostnames='lists.matchmail.com:quickmail.matchmail.com:matchmail.com'
dc_local_interfaces=''
dc_readhost=''
dc_relay_domains='pinetreepreschool.com:pinetree123.com:pinetreeabc.com'
dc_minimaldns='false'
dc_smarthost='mail.pacbell.net'

CFILEMODE='644'
dc_use_split_config='true'
dc_hide_mailname=''
mailname:matchmail.com

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (7221, 'testing'), (711, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.7-1-686
Locale: LANG=C, LC_CTYPE=C

Versions of packages exim4 depends on:
ii  exim4-base                    4.34-4     EXperimental Internal Mailer -- a 
ii  exim4-daemon-light            4.34-4     Lightweight version of the Exim (v

-- no debconf information

---------------------------------------
Received: (at 267895-done) by bugs.debian.org; 1 Dec 2004 17:02:44 +0000
>From ametzler@debian.org Wed Dec 01 09:02:44 2004
Return-path: <ametzler@debian.org>
Received: from server.logic.univie.ac.at [131.130.190.41] ([aJyjTVgR7TtLsWwdhURzpa8nG8pi0mMu])
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1CZXsK-0008Uj-00; Wed, 01 Dec 2004 09:02:44 -0800
Received: from [131.130.190.61] (helo=labtopasus.logic.univie.ac.at ident=Debian-exim)
	by server.logic.univie.ac.at with esmtp (Exim 4.34)
	id 1CZXsJ-0001JT-A0
	for 267895-done@bugs.debian.org; Wed, 01 Dec 2004 18:02:43 +0100
Received: from andreas by labtopasus.logic.univie.ac.at with local (Exim 4.34)
	id 1CZXsJ-0000u3-EV
	for 267895-done@bugs.debian.org; Wed, 01 Dec 2004 18:02:43 +0100
Date: Wed, 1 Dec 2004 18:02:43 +0100
From: Andreas Metzler <ametzler@debian.org>
To: 267895-done@bugs.debian.org
Subject: Re: verify = helo in acls needs to mention helo_try_verify_hosts
Message-ID: <20041201170243.GA3449@laptopasus.logic.univie.ac.at>
References: <412BF528.50203@matchmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <412BF528.50203@matchmail.com>
User-Agent: Mutt/1.5.6+20040722i
Delivered-To: 267895-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
	version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

On Tue, Aug 24, 2004 at 07:10:48PM -0700, Mike Fedyk wrote:
[...] 
> It looks like I needed [1] in my main section.  Can you add this as a 
> comment to the verify = helo ACL?
> 
> [1]
> helo_try_verify_hosts = *

We do not ship any helo ACL examples in Debian's configuration and
upstream's documentation is quite clear on the fact that using
verify = helo in ACLs requires setting
helo_verify_hosts/helo_try_verify_hosts:

| verify = helo
| 
|    This condition is true if a HELO or EHLO command has been received
|    from the client host, and its contents have been verified.
|    Verification of these commands does not happen by default. See the
|    description of the "helo_verify_hosts" and "helo_try_verify_hosts"
|    options for details of how to request it.

closing.
             cu andreas