Bug#950973: exim4-config: ignore_target_hosts in dnslookup router does not ignore IPv6 localhost

C Snover debian-bugs at zetafleet.com
Sun Feb 9 01:47:37 GMT 2020 

Package: exim4-config
Version: 4.92-8+deb10u3
Severity: normal
Tags: ipv6 patch

Dear Maintainer,

Badly configured domain names with an MX record of "localhost" cause 
Exim to freeze messages instead of bouncing them when the local DNS 
resolver resolves "localhost" to an IPv6 address instead of an IPv4 address.

This happens because there are no IPv6 addresses in 
`ignore_target_hosts` for the `dnslookup` router. Adding IPv6 addresses 
to this configuration option ensures identical behaviour regardless of 
whether the DNS resolver returns IPv4 or IPv6 addresses.

In line with the current list of `ignore_target_hosts` which includes 
only private IPv4 networks, the patch I am attaching here tries to add 
only the localhost, private, and link-local IPv6 networks.

All this said, given other reports like Bug #927733 which ask to extend 
the list of target hosts to exclude more special IPv4 subnets, it might 
be a better idea to just make `ignore_target_hosts` use a macro to 
maximise maintainability over the long term.

Thank you for taking the time to read and consider this report.

Best regards,
-------------- next part --------------
--- a/conf.d/router/200_exim4-config_primary	2019-09-07 08:59:59.000000000 +0000
+++ b/conf.d/router/200_exim4-config_primary	2020-02-09 01:12:42.531689133 +0000
@@ -33,10 +33,11 @@
   domains = ! +local_domains
   transport = remote_smtp
   same_domain_copy_routing = yes
-  # ignore private rfc1918 and APIPA addresses
-  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
-                        172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\
-			255.255.255.255
+  # ignore private rfc1918, rfc4193, rfc4291, rfc6666, and APIPA addresses
+  ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; 192.168.0.0/16 ;\
+                        172.16.0.0/12 ; 10.0.0.0/8 ; 169.254.0.0/16 ;\
+			255.255.255.255 ; ::/128 ; ::1/128 ; fc00::/7 ;\
+			fe80::/10 ; 100::/64
   dnssec_request_domains = *
   no_more

More information about the Pkg-exim4-maintainers mailing list