Bug#670035: no useful message on defer due to dns tempfail in acl hostlist

Ian Jackson ijackson at chiark.greenend.org.uk
Sun Apr 22 13:20:42 UTC 2012 

Package: exim4
Version: 4.72-6+squeeze2

My config contains (reformatted for readability):

 hostlist relay_hosts = +ignore_unknown : \
   chiark.greenend.org.uk : localhost : permutation-city.greenend.org.uk : \
   10.0.0.0/8 : 172.16.0.0/12 : 192.168.0.0/16 : \
   [ a list of hostnames for which I will relay ]

and

 begin acl
 check_recipient:
 [...]
   accept  hosts = +relay_hosts
   deny    message = relay not permitted

Currently, one of those hostnames is not resolveable - it gives a
temporary DNS lookup error.  When another host, later in the list,
tries to relay, Exim concludes (arguably correctly[1]) that the acl
should return "defer"; as a result the RCPT message must get a
temporary failure response.

However, the actual cause of the deferral is neither logged nor told
to the caller.  The mainlog and rejectlog get:
   2012-04-22 13:25:59 H=(liberator.relativity.greenend.org.uk)
     [172.18.45.4] U=ian F=<ijackson at chiark.greenend.org.uk> temporarily
     rejected RCPT <******>
and the caller gets:
   451 Temporary local problem - please try later

Hosts which are listed in the hostlist but which get NXDOMAIN from
the DNS _are_ logged, eg:
   2012-04-22 13:25:59 no IP address found for host
     *****.org.uk (during SMTP connection from
     (liberator.relativity.greenend.org.uk) [172.18.45.4])

But these are of course not the cause of the deferral.  The host whose
DNS was broken, and whose entry in the hostlist is thus causing
everything not to work, is not mentioned.  I was able to debug the
problem only by running exim in a debug mode with the debugging
messages turned right up, and inspecting the output closely.

I think this situation warrants a message to the log.

Thanks,
Ian.

[1] It might have been nice if exim had continued scanning the
hostlist and discovered the other host's entry.  But that's not what
I'm asking for in this report.

-- 
Ian Jackson                  personal email: <ijackson at chiark.greenend.org.uk>
These opinions are my own.        http://www.chiark.greenend.org.uk/~ijackson/
PGP2 key 1024R/0x23f5addb,     fingerprint 5906F687 BD03ACAD 0D8E602E FCF37657

More information about the Pkg-exim4-maintainers mailing list