-/* $Cambridge: exim/src/src/routers/dnslookup.c,v 1.5 2005/09/12 15:09:55 ph10 Exp $ */
-
/*************************************************
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2005 */
+/* Copyright (c) University of Cambridge 1995 - 2009 */
/* See the file NOTICE for conditions of use and distribution. */
#include "../exim.h"
(void *)(offsetof(dnslookup_router_options_block, check_secondary_mx)) },
{ "check_srv", opt_stringptr,
(void *)(offsetof(dnslookup_router_options_block, check_srv)) },
+ { "dnssec_request_domains", opt_stringptr,
+ (void *)(offsetof(dnslookup_router_options_block, dnssec_request_domains)) },
+ { "dnssec_require_domains", opt_stringptr,
+ (void *)(offsetof(dnslookup_router_options_block, dnssec_require_domains)) },
{ "mx_domains", opt_stringptr,
(void *)(offsetof(dnslookup_router_options_block, mx_domains)) },
{ "mx_fail_domains", opt_stringptr,
NULL, /* mx_domains */
NULL, /* mx_fail_domains */
NULL, /* srv_fail_domains */
- NULL /* check_srv */
+ NULL, /* check_srv */
+ NULL, /* dnssec_request_domains */
+ NULL /* dnssec_require_domains */
};
verification purposes, but never at transport time, so any header changes that
you might expect as a result of sender domain widening do not occur. Therefore
we do not perform widening when verifying sender addresses; however, widening
-sender addresses is OK if we do not have to rewrite the headers. The
-suppression of widening for sender addresses is silent because it is the normal
-desirable behaviour. */
-
-if (ob->widen_domains != NULL && (verify != v_sender || !ob->rewrite_headers))
+sender addresses is OK if we do not have to rewrite the headers. A corollary
+of this is that if the current address is not the original address, then it
+does not appear in the message header so it is also OK to widen. The
+suppression of widening for sender addresses is silent because it is the
+normal desirable behaviour. */
+
+if (ob->widen_domains != NULL &&
+ (verify != v_sender || !ob->rewrite_headers || addr->parent != NULL))
{
listptr = ob->widen_domains;
widen = string_nextinlist(&listptr, &widen_sep, widen_buffer,
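Review bot: The three-part test `verify != v_sender || !ob->rewrite_headers || addr->parent != NULL` is now written out twice, here on the widen_domains condition and again in the later hunk that guards HOST_FIND_QUALIFY_SINGLE and HOST_FIND_SEARCH_PARENTS, so the two sites can drift apart the next time one of them is edited. If both sites sit in the same function, which the hunks suggest but do not show, compute it once, for example `BOOL widen_ok = verify != v_sender || !ob->rewrite_headers || addr->parent != NULL;`, and test `widen_ok` in both places. The enclosing function starts and ends outside this hunk.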
/* Unfortunately, we cannot set the mx_only option in advance, because the
DNS lookup may extend an unqualified name. Therefore, we must do the test
- subsequently. */
+ subsequently. We use the same logic as that for widen_domains above to avoid
+ requesting a header rewrite that cannot work. */
- if (ob->qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
- if (ob->search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
+ if (verify != v_sender || !ob->rewrite_headers || addr->parent != NULL)
+ {
+ if (ob->qualify_single) flags |= HOST_FIND_QUALIFY_SINGLE;
+ if (ob->search_parents) flags |= HOST_FIND_SEARCH_PARENTS;
+ }
rc = host_find_bydns(&h, rblock->ignore_target_hosts, flags, srv_service,
- ob->srv_fail_domains, ob->mx_fail_domains, &fully_qualified_name, &removed);
+ ob->srv_fail_domains, ob->mx_fail_domains,
+ ob->dnssec_request_domains, ob->dnssec_require_domains,
+ &fully_qualified_name, &removed);
if (removed) setflag(addr, af_local_host_removed);
/* If host found with only address records, test for the domain's being in
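Review bot: The host_find_bydns call now receives `ob->dnssec_request_domains` and `ob->dnssec_require_domains`, but nothing visible here says which value of `rc` comes back when a domain on the "require" list gets an answer that is not validated. If that case were reported as HOST_FIND_FAILED, the code after the call would carry on with widening or the MX failure messages instead of treating it as a DNSSEC policy failure; this is an inference, since host_find_bydns is outside the diff. A comment above the call would settle it, for example `/* For dnssec_require_domains an unvalidated answer must not be routed on; host_find_bydns() reports that case via rc (confirm which code) */`. The enclosing function starts and ends outside this hunk.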
if (rc != HOST_FIND_FAILED) break;
- /* Check to see if the failure is the result of MX records pointing
- to non-existent domains, and if so, set an appropriate error message; the
- case of an SRV record pointing to "." is another special case that we can
+ /* Check to see if the failure is the result of MX records pointing to
+ non-existent domains, and if so, set an appropriate error message; the case
+ of an MX or SRV record pointing to "." is another special case that we can
detect. Otherwise "unknown mail domain" is used, which is confusing. Also, in
this case don't do the widening. We need check only the first host to see if
its MX has been filled in, but there is no address, because if there were any
{
setflag(addr, af_pass_message); /* This is not a security risk */
if (h.name[0] == 0)
- addr->message = US"an SRV record indicated no SMTP service";
+ addr->message = US"an MX or SRV record indicated no SMTP service";
else
{
addr->message = US"all relevant MX records point to non-existent hosts";
- if (!allow_mx_to_ip && string_is_ip_address(h.name, NULL) > 0)
+ if (!allow_mx_to_ip && string_is_ip_address(h.name, NULL) != 0)
{
addr->user_message =
string_sprintf("It appears that the DNS operator for %s\n"
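Review bot: The change from `> 0` to `!= 0` on the string_is_ip_address result alters behaviour only if that function can return a negative value, and neither the hunk nor a comment says what such a value means. As written, any non-zero return makes the "MX points to an IP address" text the user_message, and because af_pass_message is set just above, that text is passed on to whoever receives the failure message. A one-line comment on the test, such as `/* any non-zero return means h.name is an IP literal; confirm against string_is_ip_address() */`, would record the contract being relied on. The string_sprintf call and the enclosing block continue past the end of the hunk.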