Bug#927733: exim4-config: Please expand default 'ignore_target_hosts'

Dean Hamstead dean at fragfest.com.au
Mon Apr 22 03:51:53 BST 2019 

Package: exim4-config
Version: 4.89-2+deb9u3
Severity: wishlist

Dear Maintainer,

in router/200-exim4-config_primary i would like to recommend expanding
this list as follows:


  # Don't allow domains whose single MX (or A) record is a
  # "special-use IPv4 address", as listed in RFC 3330.
  ignore_target_hosts = <; 0::0/0 ; \
            # Hosts on "this network"; RFC 1700 (page 4) states that these
            # are only allowed as source addresses
            0.0.0.0/8 ; \
            # Private networks, RFC 1918
            10.0.0.0/8 ; 172.16.0.0/12 ; 192.168.0.0/16 ; \
            # Carrier NAT, RFC6598
            100.64.0.0/10 ; \
            # Internet host loopback address, RFC 1700 (page 5)
            127.0.0.0/8 ; \
            # "Link local" block
            169.254.0.0/16 ; \
            # "TEST-NET-1" - should not appear on the public Internet
            192.0.2.0/24 ; \
            # "TEST-NET-2" - should not appear on the public Internet
            198.51.100.0/24 ; \
            # 6to4 relay anycast addresses, RFC 3068
            192.88.99.0/24 ; \
            # Network interconnect device benchmark testing, RFC 2544
            198.18.0.0/15 ; \
            # "TEST-NET-3" - should not appear on the public Internet
            203.0.113.0/24 ; \
            # Multicast addresses, RFC 3171
            224.0.0.0/4 ; \
            # Reserved for future use, RFC 1700 (page 4)
            240.0.0.0/4


-- Package-specific info:
Exim version 4.92 #5 built 02-Mar-2019 14:59:31
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DANE DKIM DNSSEC Event OCSP PRDR SOCKS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file search path is /etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated
Configuration file is /var/lib/exim4/config.autogenerated

-- System Information:
Debian Release: 9.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-0.bpo.4-cloud-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages exim4-config depends on:
ii  adduser                3.115
ii  debconf [debconf-2.0]  1.5.61

exim4-config recommends no packages.

exim4-config suggests no packages.

-- Configuration Files:
/etc/exim4/passwd.client changed [not included]

-- debconf information excluded

More information about the Pkg-exim4-maintainers mailing list