-/* $Cambridge: exim/src/src/routers/dnslookup.c,v 1.2 2005/01/04 10:00:44 ph10 Exp $ */
+/* $Cambridge: exim/src/src/routers/dnslookup.c,v 1.7 2005/09/19 09:41:37 fanf2 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
router_instance *rblock, /* data for this instantiation */
address_item *addr, /* address we are working on */
struct passwd *pw, /* passwd entry after check_local_user */
- BOOL verify, /* TRUE when verifying */
+ int verify, /* v_none/v_recipient/v_sender/v_expn */
address_item **addr_local, /* add it to this if it's local */
address_item **addr_remote, /* add it to this if it's remote */
address_item **addr_new, /* put new addresses on here */
be something in the "ch" toplevel domain, but it also might be xxx.ch.xyz.com.
The choice of pre- or post-widening affects which takes precedence. If ever
somebody comes up with some kind of requirement for pre-widening, presumably
-with some conditions under which it is done, it can be selected here. */
-
-if (ob->widen_domains != NULL)
+with some conditions under which it is done, it can be selected here.
+
+The rewrite_headers option works only when routing an address at transport
+time, because the alterations to the headers are not persistent so must be
+worked out immediately before they are used. Sender addresses are routed for
+verification purposes, but never at transport time, so any header changes that
+you might expect as a result of sender domain widening do not occur. Therefore
+we do not perform widening when verifying sender addresses; however, widening
+sender addresses is OK if we do not have to rewrite the headers. A corollary
+of this is that if the current address is not the original address, then it
+does not appear in the message header so it is also OK to widen. The
+suppression of widening for sender addresses is silent because it is the
+normal desirable behaviour. */
+
+if (ob->widen_domains != NULL &&
+ (verify != v_sender || !ob->rewrite_headers || addr->parent != NULL))
{
listptr = ob->widen_domains;
widen = string_nextinlist(&listptr, &widen_sep, widen_buffer,
/* Unfortunately, we cannot set the mx_only option in advance, because the
DNS lookup may extend an unqualified name. Therefore, we must do the test
- subsequently. */
+ subsequently. We use the same logic as that for widen_domains above to avoid
+ requesting a header rewrite that cannot work. */
- if (ob->qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
- if (ob->search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
+ if (verify != v_sender || !ob->rewrite_headers || addr->parent != NULL)
+ {
+ if (ob->qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
+ if (ob->search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
+ }
rc = host_find_bydns(&h, rblock->ignore_target_hosts, flags, srv_service,
ob->srv_fail_domains, ob->mx_fail_domains, &fully_qualified_name, &removed);
if (h.mx >= 0 && h.address == NULL)
{
+ setflag(addr, af_pass_message); /* This is not a security risk */
if (h.name[0] == 0)
addr->message = US"an SRV record indicated no SMTP service";
else
{
addr->message = US"all relevant MX records point to non-existent hosts";
- if (!allow_mx_to_ip && string_is_ip_address(h.name, NULL))
+ if (!allow_mx_to_ip && string_is_ip_address(h.name, NULL) > 0)
{
addr->user_message =
string_sprintf("It appears that the DNS operator for %s\n"