[Pkg-exim4-users] sporadic invalid helo -- setting primary_hostname

J G Miller miller at yoyo.ORG
Wed Mar 2 18:23:52 UTC 2016


At 12:29h, on Wednesday, March 02, 2016,
in message <56D72307.6080900 at redowl.ca>,
on the subject of "Re: [Pkg-exim4-users] sporadic invalid helo -- setting primary_hostname",
Jonathan Addleman explained --

 > Indeed. It is worrisome. I'm at quite a loss as to troubleshooting it 
 > though. It seems that hostname -f doesn't use gethostbyname() or 
 > getipnodebyname() (at least as far as I can see from a strace). Are 
 > there other command line tools that I could use to test things?

Only thing I can think of for testing at the command line is writing a
simple C program to use gethostbyname for your own host name.

Intermittent sporadic problems are always the hardest to fix.

It could possibly be related to system load and demands on your network
name lookup mechanism.

The most obvious nuisance to name lookups is nscd.

Are you by any chance running nscd with hosts cache enabled and
nsswitch.conf pointing to cache? 

Probably not, but it needs to be eliminated just in case.

Are you running NIS?

Are you running named/bind9 for your local hosts?

And you should review the contents of /etc/nsswitch.conf anyway since
gethostbyname consults /etc/nsswitch.conf to ascertain what mechanism(s)
to do the name lookup.

If you have an /etc/hosts with the FQDN host name properly defined,
perhaps just putting hosts before dns (if that is the order currently
used) could cure the problem, if indeed the problem is caused by an
occasional failure in using dns due to load, bind9 not running, or whatever.

Incidentally according to the Debian manual page for gethostbyname,
the maintainers of exim4 need to update the source code because
getnameinfo should be used instead.

QUOTE

   The gethostbyname*(), gethostbyaddr*(), herror(), and hstrerror() functions are obsolete.

   Applications should use  getaddrinfo(3),  getnameinfo(3), and gai_strerror(3) instead.

UNQUOTE

This is also highlighted as a SECURITY concern at

         <http://blog.erratasec.COM/2015/01/you-shouldnt-be-using-gethostbyname.html>

QUOTE

      Tuesday, January 27, 2015

      You shouldn't be using gethostbyname() anyway

      Today's GHOST vulnerability is in gethostbyname(), a Sockets API function
      from the early 1980s. That function has been obsolete for a decade.

      What you should be using is getaddrinfo() instead, a newer function that
      can also handle IPv6.

UNQUOTE

This blog entry ironically resulted in a comment pertinent to Exim4 added by a reader.

QUOTE

    celula_x said...

    if it's old; wonder why stocked Debian's Exim still calls it =\

    7:41 PM 

UNQUOTE
    
If Debian developers/maintainers are concerned about security, are they lobbying
with the upstream Exim4 code authors/maintainers to get this changed?

And despite the dire warning on the Debian setting up Exim4 instructions
about not using MAIN_HARDCODE_PRIMARY_HOSTNAME, I have always set it on
my heavily customized Exim4 setup (now on four machines) since 2005 or
maybe earlier and never had a problem.
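
The command-line test suggested in the message above, a small C program that looks up the host's own name, as an added example that is not part of the original post: it repeats the lookup through both gethostbyname() and getaddrinfo() and reports every round where resolution fails or the returned name is not fully qualified. The helper names is_fqdn and probe_name, the one-second interval and the default of 100 rounds are assumptions.

```c
/* Added example: query the resolver repeatedly for this host's own name. */
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Usable as a HELO name: the first dot is neither the leading nor the final character. */
int is_fqdn(const char *name)
{
    const char *dot = name ? strchr(name, '.') : NULL;
    return dot != NULL && dot != name && dot[1] != '\0';
}

/* Look `name` up with the obsolete and the current API, storing the canonical
 * name each one returns. Result is 0 on success, otherwise the OR of
 * 1 (gethostbyname failed) and 2 (getaddrinfo failed). */
int probe_name(const char *name, char *legacy, char *modern, size_t len)
{
    struct addrinfo hints, *res = NULL;
    struct hostent *he = gethostbyname(name);
    int failed = 0;

    legacy[0] = modern[0] = '\0';
    if (he == NULL) failed |= 1;
    else snprintf(legacy, len, "%s", he->h_name);

    memset(&hints, 0, sizeof hints);
    hints.ai_flags = AI_CANONNAME;      /* ask for the canonical name */
    if (getaddrinfo(name, NULL, &hints, &res) != 0) return failed | 2;
    if (res->ai_canonname) snprintf(modern, len, "%s", res->ai_canonname);
    freeaddrinfo(res);
    return failed;
}

int main(int argc, char **argv)
{
    char host[256] = "", legacy[256], modern[256];
    int rounds = argc > 1 ? atoi(argv[1]) : 100;   /* assumed default */
    int bad = 0;

    gethostname(host, sizeof host - 1);
    for (int i = 0; i < rounds; i++, sleep(1)) {
        int f = probe_name(host, legacy, modern, sizeof legacy);
        if (f || !is_fqdn(legacy) || !is_fqdn(modern)) {
            bad++;
            printf("round %d: fail=%d gethostbyname='%s' getaddrinfo='%s'\n", i, f, legacy, modern);
        }
    }
    printf("%s: %d of %d rounds bad\n", host, bad, rounds);
    return bad != 0;
}
```

A bad round means the lookup path configured in /etc/nsswitch.conf returned a failure or a short name for that query; the exit status is non-zero if any round was bad.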


