Change host_lookup re-forward from byname to bydns; checking DNSSEC
authorJeremy Harris <jgh146exb@wizmail.org>
Tue, 19 May 2015 21:32:38 +0000 (22:32 +0100)
committerJeremy Harris <jgh146exb@wizmail.org>
Tue, 19 May 2015 21:32:38 +0000 (22:32 +0100)
24 files changed:
doc/doc-docbook/spec.xfpt
doc/doc-txt/ChangeLog
src/src/functions.h
src/src/host.c
src/src/ip.c
src/src/routers/iplookup.c
src/src/smtp_in.c
src/src/verify.c
test/stderr/0002
test/stderr/0020
test/stderr/0023
test/stderr/0062
test/stderr/0063
test/stderr/0064
test/stderr/0066
test/stderr/0069
test/stderr/0070
test/stderr/0089
test/stderr/0094
test/stderr/0303
test/stderr/0308
test/stderr/0381
test/stderr/1000
test/stderr/2202

index d4ebf464d7fc7f593bedd4a00a0dc42536bbcf5e..c1668c7ac472d236c72e4856275ebff858b5244a 100644 (file)
@@ -12223,7 +12223,8 @@ received. It is empty if there was no successful authentication. See also
 If an attempt to populate &$sender_host_name$& has been made
 (by reference, &%hosts_lookup%& or
 otherwise) then this boolean will have been set true if, and only if, the
-resolver library states that the reverse DNS was authenticated data.  At all
+resolver library states that both
+the reverse and forward DNS were authenticated data.  At all
 other times, this variable is false.
 
 It is likely that you will need to coerce DNSSEC support on in the resolver
@@ -12235,9 +12236,6 @@ dns_dnssec_ok = 1
 Exim does not perform DNSSEC validation itself, instead leaving that to a
 validating resolver (eg, unbound, or bind with suitable configuration).
 
-Exim does not (currently) check to see if the forward DNS was also secured
-with DNSSEC, only the reverse DNS.
-
 If you have changed &%host_lookup_order%& so that &`bydns`& is not the first
 mechanism in the list, then this variable will be false.
 
index 789887e35ae54c95780fcf53471dc31706a7a30a..c6825d5be4b17177b2c52292ab86971ef2d0e8bd 100644 (file)
@@ -103,6 +103,9 @@ JH/28 Bug 1588: Do not use the A lookup following an AAAA for setting the FQDN.
 
 JH/29 Bug 1632: Removed the word "rejected" from line logged for ACL discards.
 
+JH/30 Check the forward DNS lookup for DNSSEC, in addition to the reverse,
+      when evaluating $sender_host_dnssec.
+
 
 Exim version 4.85
 -----------------
index 6b0689b3c77af03c8bd8ccc6fea6ceb8a36c4490..c3095c06b2eed031b2f9364e31f97f1b0c63cf1b 100644 (file)
@@ -197,7 +197,8 @@ extern void    host_build_hostlist(host_item **, const uschar *, BOOL);
 extern ip_address_item *host_build_ifacelist(const uschar *, uschar *);
 extern void    host_build_log_info(void);
 extern void    host_build_sender_fullhost(void);
-extern BOOL    host_find_byname(host_item *, const uschar *, int, const uschar **, BOOL);
+extern BOOL    host_find_byname(host_item *, const uschar *, int,
+                               const uschar **, BOOL);
 extern int     host_find_bydns(host_item *, const uschar *, int, uschar *, uschar *,
                  uschar *, const dnssec_domains *, const uschar **, BOOL *);
 extern ip_address_item *host_find_interfaces(void);
index b3d38c57824840699e254f8feb7d1e61674dd228..4772a7c6c3199bf2e5e19330de1e1d3f5c32e40d 100644 (file)
@@ -1639,8 +1639,7 @@ if (running_in_test_harness &&
 /* Do lookups directly in the DNS or via gethostbyaddr() (or equivalent), in
 the order specified by the host_lookup_order option. */
 
-while ((ordername = string_nextinlist(&list, &sep, buffer, sizeof(buffer)))
-        != NULL)
+while ((ordername = string_nextinlist(&list, &sep, buffer, sizeof(buffer))))
   {
   if (strcmpic(ordername, US"bydns") == 0)
     {
@@ -1661,8 +1660,6 @@ while ((ordername = string_nextinlist(&list, &sep, buffer, sizeof(buffer)))
       int count = 0;
       int old_pool = store_pool;
 
-      /* Ideally we'd check DNSSEC both forward and reverse, but we use the
-      gethost* routines for forward, so can't do that unless/until we rewrite. */
       sender_host_dnssec = dns_is_secure(&dnsa);
       DEBUG(D_dns)
         debug_printf("Reverse DNS security status: %s\n",
@@ -1710,8 +1707,8 @@ while ((ordername = string_nextinlist(&list, &sep, buffer, sizeof(buffer)))
             "empty name: treated as non-existent host name\n");
           continue;
           }
-        if (sender_host_name == NULL) sender_host_name = s;
-          else *aptr++ = s;
+        if (!sender_host_name) sender_host_name = s;
+       else *aptr++ = s;
         while (*s != 0) { *s = tolower(*s); s++; }
         }
 
@@ -1790,21 +1787,30 @@ for (hname = sender_host_name; hname != NULL; hname = *aliases++)
   int rc;
   BOOL ok = FALSE;
   host_item h;
+  dnssec_domains d;
+
   h.next = NULL;
   h.name = hname;
   h.mx = MX_NONE;
   h.address = NULL;
+  d.request = sender_host_dnssec ? US"*" : NULL;;
+  d.require = NULL;
 
-  /* When called with the last argument FALSE, host_find_byname() won't return
-  HOST_FOUND_LOCAL. If the incoming address is an IPv4 address expressed in
-  IPv6 format, we must compare the IPv4 part to any IPv4 addresses. */
-
-  if ((rc = host_find_byname(&h, NULL, 0, NULL, FALSE)) == HOST_FOUND)
+  if (  (rc = host_find_bydns(&h, NULL, HOST_FIND_BY_A,
+         NULL, NULL, NULL, &d, NULL, NULL)) == HOST_FOUND
+     || rc == HOST_FOUND_LOCAL
+     )
     {
     host_item *hh;
     HDEBUG(D_host_lookup) debug_printf("checking addresses for %s\n", hname);
+
+    /* If the forward lookup was not secure we cancel the is-secure variable */
+
+    DEBUG(D_dns) debug_printf("Forward DNS security status: %s\n",
+         h.dnssec == DS_YES ? "DNSSEC verified (AD)" : "unverified");
+    if (h.dnssec != DS_YES) sender_host_dnssec = FALSE;
+
     for (hh = &h; hh != NULL; hh = hh->next)
-      {
       if (host_is_in_net(hh->address, sender_host_address, 0))
         {
         HDEBUG(D_host_lookup) debug_printf("  %s OK\n", hh->address);
@@ -1812,10 +1818,8 @@ for (hname = sender_host_name; hname != NULL; hname = *aliases++)
         break;
         }
       else
-        {
         HDEBUG(D_host_lookup) debug_printf("  %s\n", hh->address);
-        }
-      }
+
     if (!ok) HDEBUG(D_host_lookup)
       debug_printf("no IP address for %s matched %s\n", hname,
         sender_host_address);
@@ -1828,9 +1832,7 @@ for (hname = sender_host_name; hname != NULL; hname = *aliases++)
     return DEFER;
     }
   else
-    {
     HDEBUG(D_host_lookup) debug_printf("no IP addresses found for %s\n", hname);
-    }
 
   /* If this name is no good, and it's the sender name, set it null pro tem;
   if it's an alias, just remove it from the list. */
@@ -2539,8 +2541,7 @@ that gets set for DNS syntax check errors. */
 if (fully_qualified_name != NULL) *fully_qualified_name = host->name;
 dns_init((whichrrs & HOST_FIND_QUALIFY_SINGLE) != 0,
          (whichrrs & HOST_FIND_SEARCH_PARENTS) != 0,
-        dnssec_request
-        );
+        dnssec_request);
 host_find_failed_syntax = FALSE;
 
 /* First, if requested, look for SRV records. The service name is given; we
index f6c7433f59eef191f37d34304e9ce4712f7dc3c1..9a7444ed86ffce2369e99fc263758d97b293260f 100644 (file)
@@ -309,8 +309,8 @@ else if (string_is_ip_address(hostname, NULL) != 0)
 else
   {
   shost.name = string_copy(hostname);
-  if (host_find_byname(&shost, NULL, HOST_FIND_QUALIFY_SINGLE, NULL,
-      FALSE) != HOST_FOUND)
+  if (host_find_byname(&shost, NULL, HOST_FIND_QUALIFY_SINGLE,
+      NULL, FALSE) != HOST_FOUND)
     {
     *errstr = string_sprintf("no IP address found for host %s", shost.name);
     return -1;
index 33329f887ec1ac1b3aeeb74fd88abe1c312de8c8..79d083ef27474a13e2d86e4bcb129e3af8e02df4 100644 (file)
@@ -207,6 +207,7 @@ while ((hostname = string_nextinlist(&listptr, &sep, host_buffer,
     host->address = host->name;
   else
     {
+/*XXX might want dnssec request/require on an iplookup router? */
     int rc = host_find_byname(host, NULL, HOST_FIND_QUALIFY_SINGLE, NULL, TRUE);
     if (rc == HOST_FIND_FAILED || rc == HOST_FIND_AGAIN) continue;
     }
index 37cc023d31400534b27e8740c60903fa068b4d40..b2f8b0fc808c0fabe0baf958dcda02bbeaa669ad 100644 (file)
@@ -3009,6 +3009,7 @@ else
 
     if (helo_verified)
       {
+      /*XXX have sender_host_dnssec */
       HDEBUG(D_receive) debug_printf("matched host name\n");
       }
     else
@@ -3018,6 +3019,7 @@ else
         {
         helo_verified = strcmpic(*aliases++, sender_helo_name) == 0;
         if (helo_verified) break;
+      /*XXX have sender_host_dnssec */
         }
       HDEBUG(D_receive)
         {
@@ -3039,6 +3041,8 @@ else
     h.next = NULL;
     HDEBUG(D_receive) debug_printf("getting IP address for %s\n",
       sender_helo_name);
+/*XXX would like to determine dnssec status here */
+/* need to change to bydns */
     rc = host_find_byname(&h, NULL, 0, NULL, TRUE);
     if (rc == HOST_FOUND || rc == HOST_FOUND_LOCAL)
       {
index 10cef82f14055eb1b4753a3a8faa9b63e61679d9..506b7e09b29f06fd739b7b83294e4c7334b69034 100644 (file)
@@ -3245,6 +3245,10 @@ if (*t == 0)
   h.address = NULL;
   h.mx = MX_NONE;
 
+  /* Using byname rather than bydns here means we cannot determine dnssec
+  status.  On the other hand it is unclear how that could be either
+  propagated up or enforced. */
+
   rc = host_find_byname(&h, NULL, HOST_FIND_QUALIFY_SINGLE, NULL, FALSE);
   if (rc == HOST_FOUND || rc == HOST_FOUND_LOCAL)
     {
index 2d0d1ab4139817cbde31e19ee29087163eb87648..b4f06a104862e8d795d750c6559605954dc29128 100644 (file)
@@ -117,10 +117,7 @@ expanding: ----> No lookup yet: ${if eq{black}{white}{$sender_host_name}{No}}
    result: ----> No lookup yet: No
 looking up host name for V4NET.0.0.1
 IP address lookup yielded "ten-1.test.ex"
-using host_fake_gethostbyname for ten-1.test.ex (IPv4)
-MUNGED: ::1 will be omitted in what follows
-get[host|ipnode]byname[2] looked up these IP addresses:
-  name=ten-1.test.ex address=V4NET.0.0.1
+ten-1.test.ex V4NET.0.0.1 mx=-1 sort=xx 
 checking addresses for ten-1.test.ex
   V4NET.0.0.1 OK
 sender_fullhost = ten-1.test.ex [V4NET.0.0.1]
@@ -160,13 +157,11 @@ looking up host name for V4NET.0.0.1
 DNS lookup of 1.0.0.V4NET.in-addr.arpa (PTR) using fakens
 DNS lookup of 1.0.0.V4NET.in-addr.arpa (PTR) succeeded
 IP address lookup yielded "ten-1.test.ex"
-using host_fake_gethostbyname for ten-1.test.ex (IPv4)
 DNS lookup of ten-1.test.ex (A) using fakens
 DNS lookup of ten-1.test.ex (A) succeeded
-MUNGED: ::1 will be omitted in what follows
-get[host|ipnode]byname[2] looked up these IP addresses:
-  name=ten-1.test.ex address=V4NET.0.0.1
+ten-1.test.ex V4NET.0.0.1 mx=-1 sort=xx 
 checking addresses for ten-1.test.ex
+Forward DNS security status: unverified
   V4NET.0.0.1 OK
 sender_fullhost = ten-1.test.ex [V4NET.0.0.1]
 sender_rcvhost = ten-1.test.ex ([V4NET.0.0.1])
index ee9c757d81daa7dfa9454b24bb81fdb90f0f824a..dc674fc69c9a32a928dd09684d5107a90b9e8f3d 100644 (file)
 >>> host in host_lookup? yes (matched "10.250.104.0/21")
 >>> looking up host name for 10.250.104.42
 >>> IP address lookup yielded "manyhome.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=manyhome.test.ex address=10.250.104.0
->>>   name=manyhome.test.ex address=10.250.104.1
->>>   name=manyhome.test.ex address=10.250.104.2
->>>   name=manyhome.test.ex address=10.250.104.3
->>>   name=manyhome.test.ex address=10.250.104.4
->>>   name=manyhome.test.ex address=10.250.104.5
->>>   name=manyhome.test.ex address=10.250.104.6
->>>   name=manyhome.test.ex address=10.250.104.7
->>>   name=manyhome.test.ex address=10.250.104.8
->>>   name=manyhome.test.ex address=10.250.104.9
->>>   name=manyhome.test.ex address=10.250.104.10
->>>   name=manyhome.test.ex address=10.250.104.11
->>>   name=manyhome.test.ex address=10.250.104.12
->>>   name=manyhome.test.ex address=10.250.104.13
->>>   name=manyhome.test.ex address=10.250.104.14
->>>   name=manyhome.test.ex address=10.250.104.15
->>>   name=manyhome.test.ex address=10.250.104.16
->>>   name=manyhome.test.ex address=10.250.104.17
->>>   name=manyhome.test.ex address=10.250.104.18
->>>   name=manyhome.test.ex address=10.250.104.19
->>>   name=manyhome.test.ex address=10.250.104.20
->>>   name=manyhome.test.ex address=10.250.104.21
->>>   name=manyhome.test.ex address=10.250.104.22
->>>   name=manyhome.test.ex address=10.250.104.23
->>>   name=manyhome.test.ex address=10.250.104.24
->>>   name=manyhome.test.ex address=10.250.104.25
->>>   name=manyhome.test.ex address=10.250.104.26
->>>   name=manyhome.test.ex address=10.250.104.27
->>>   name=manyhome.test.ex address=10.250.104.28
->>>   name=manyhome.test.ex address=10.250.104.29
->>>   name=manyhome.test.ex address=10.250.104.30
->>>   name=manyhome.test.ex address=10.250.104.31
->>>   name=manyhome.test.ex address=10.250.104.32
->>>   name=manyhome.test.ex address=10.250.104.33
->>>   name=manyhome.test.ex address=10.250.104.34
->>>   name=manyhome.test.ex address=10.250.104.35
->>>   name=manyhome.test.ex address=10.250.104.36
->>>   name=manyhome.test.ex address=10.250.104.37
->>>   name=manyhome.test.ex address=10.250.104.38
->>>   name=manyhome.test.ex address=10.250.104.39
->>>   name=manyhome.test.ex address=10.250.104.40
->>>   name=manyhome.test.ex address=10.250.104.41
->>>   name=manyhome.test.ex address=10.250.104.42
->>>   name=manyhome.test.ex address=10.250.104.43
->>>   name=manyhome.test.ex address=10.250.104.44
->>>   name=manyhome.test.ex address=10.250.104.45
->>>   name=manyhome.test.ex address=10.250.104.46
->>>   name=manyhome.test.ex address=10.250.104.47
->>>   name=manyhome.test.ex address=10.250.104.48
->>>   name=manyhome.test.ex address=10.250.104.49
->>>   name=manyhome.test.ex address=10.250.104.50
->>>   name=manyhome.test.ex address=10.250.104.51
->>>   name=manyhome.test.ex address=10.250.104.52
->>>   name=manyhome.test.ex address=10.250.104.53
->>>   name=manyhome.test.ex address=10.250.104.54
->>>   name=manyhome.test.ex address=10.250.104.55
->>>   name=manyhome.test.ex address=10.250.104.56
->>>   name=manyhome.test.ex address=10.250.104.57
->>>   name=manyhome.test.ex address=10.250.104.58
->>>   name=manyhome.test.ex address=10.250.104.59
->>>   name=manyhome.test.ex address=10.250.104.60
->>>   name=manyhome.test.ex address=10.250.104.61
->>>   name=manyhome.test.ex address=10.250.104.62
 >>> checking addresses for manyhome.test.ex
->>>   10.250.104.0
->>>   10.250.104.1
+>>>   10.250.104.51
+>>>   10.250.104.17
 >>>   10.250.104.2
->>>   10.250.104.3
->>>   10.250.104.4
->>>   10.250.104.5
->>>   10.250.104.6
->>>   10.250.104.7
+>>>   10.250.104.26
 >>>   10.250.104.8
->>>   10.250.104.9
->>>   10.250.104.10
->>>   10.250.104.11
->>>   10.250.104.12
->>>   10.250.104.13
->>>   10.250.104.14
->>>   10.250.104.15
->>>   10.250.104.16
->>>   10.250.104.17
 >>>   10.250.104.18
->>>   10.250.104.19
->>>   10.250.104.20
+>>>   10.250.104.25
 >>>   10.250.104.21
->>>   10.250.104.22
+>>>   10.250.104.39
+>>>   10.250.104.32
+>>>   10.250.104.29
 >>>   10.250.104.23
->>>   10.250.104.24
->>>   10.250.104.25
->>>   10.250.104.26
->>>   10.250.104.27
+>>>   10.250.104.43
+>>>   10.250.104.46
 >>>   10.250.104.28
->>>   10.250.104.29
->>>   10.250.104.30
->>>   10.250.104.31
->>>   10.250.104.32
->>>   10.250.104.33
->>>   10.250.104.34
->>>   10.250.104.35
->>>   10.250.104.36
->>>   10.250.104.37
->>>   10.250.104.38
->>>   10.250.104.39
->>>   10.250.104.40
+>>>   10.250.104.4
 >>>   10.250.104.41
+>>>   10.250.104.15
+>>>   10.250.104.14
+>>>   10.250.104.45
 >>>   10.250.104.42 OK
 >>> host in host_reject_connection? no (option unset)
 >>> host in sender_unqualified_hosts? no (option unset)
index 7da37391784e70b3b5b8ea41bdc4538b131b10be..b05f70f39492560bf747bc5ebc4afcff1c1954cc 100644 (file)
@@ -1089,14 +1089,8 @@ LOG: H=[28.28.28.28] F=<a@baddomain> rejected RCPT <x@y>
 >>> looking up host name for V4NET.0.0.3
 >>> IP address lookup yielded "ten-3.test.ex"
 >>>   alias "ten-3-alias.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-3.test.ex address=V4NET.0.0.3
 >>> checking addresses for ten-3.test.ex
 >>>   V4NET.0.0.3 OK
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-3-alias.test.ex address=V4NET.0.0.3
 >>> checking addresses for ten-3-alias.test.ex
 >>>   V4NET.0.0.3 OK
 >>> require: condition test succeeded in ACL "acl_V4NET_0_0"
@@ -1139,6 +1133,7 @@ LOG: H=[V4NET.0.0.97] F=<> rejected RCPT <x@y>: host lookup failed for reverse l
 >>> looking up host name for V4NET.99.99.96
 >>> IP address lookup yielded "x.test.again.dns"
 >>> x.test.again.dns in dns_again_means_nonexist? no (option unset)
+>>> x.test.again.dns in dns_again_means_nonexist? no (option unset)
 >>> temporary error for host name lookup
 >>> accept: condition test deferred in ACL "acl_V4NET_99_99"
 LOG: H=[V4NET.99.99.96] F=<> temporarily rejected RCPT <x@y>: host lookup deferred for reverse lookup check
@@ -1159,6 +1154,7 @@ LOG: H=[V4NET.99.99.96] F=<> temporarily rejected RCPT <x@y>: host lookup deferr
 >>> looking up host name for V4NET.99.99.96
 >>> IP address lookup yielded "x.test.again.dns"
 >>> x.test.again.dns in dns_again_means_nonexist? no (option unset)
+>>> x.test.again.dns in dns_again_means_nonexist? no (option unset)
 >>> temporary error for host name lookup
 >>> accept: condition test succeeded in ACL "acl_V4NET_99_99"
 >>> end of ACL "acl_V4NET_99_99": ACCEPT
index 936b6961e568dee37b5aa9a6760f028a029e02b1..6bd2424ecf4898db552ff70e6ad61939e4456133 100644 (file)
@@ -29,9 +29,6 @@
 >>> sender host name required, to match against *-2.test.ex
 >>> looking up host name for V4NET.0.0.1
 >>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-1.test.ex address=V4NET.0.0.1
 >>> checking addresses for ten-1.test.ex
 >>>   V4NET.0.0.1 OK
 >>> host in "*-2.test.ex : *-3-alias.test.ex"? no (end of list)
@@ -78,9 +75,6 @@ LOG: 10HmaX-0005vi-00 <= userx@somehost.example.com H=ten-1.test.ex [V4NET.0.0.1
 >>> sender host name required, to match against *-2.test.ex
 >>> looking up host name for V4NET.0.0.2
 >>> IP address lookup yielded "ten-2.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-2.test.ex address=V4NET.0.0.2
 >>> checking addresses for ten-2.test.ex
 >>>   V4NET.0.0.2 OK
 >>> host in "*-2.test.ex : *-3-alias.test.ex"? yes (matched "*-2.test.ex")
@@ -124,14 +118,8 @@ LOG: 10HmaY-0005vi-00 <= userx@somehost.example.com H=ten-2.test.ex [V4NET.0.0.2
 >>> looking up host name for V4NET.0.0.3
 >>> IP address lookup yielded "ten-3.test.ex"
 >>>   alias "ten-3-alias.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-3.test.ex address=V4NET.0.0.3
 >>> checking addresses for ten-3.test.ex
 >>>   V4NET.0.0.3 OK
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-3-alias.test.ex address=V4NET.0.0.3
 >>> checking addresses for ten-3-alias.test.ex
 >>>   V4NET.0.0.3 OK
 >>> host in "*-2.test.ex : *-3-alias.test.ex"? yes (matched "*-3-alias.test.ex")
index a32d6997880847237c401f89603959ce39ca65f0..b2dddb90962610f0577251f4788bb0108b8f6a61 100644 (file)
@@ -29,9 +29,6 @@
 >>> sender host name required, to match against ^[^\d]+2
 >>> looking up host name for V4NET.0.0.1
 >>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-1.test.ex address=V4NET.0.0.1
 >>> checking addresses for ten-1.test.ex
 >>>   V4NET.0.0.1 OK
 >>> host in "^[^\d]+2"? no (end of list)
@@ -74,9 +71,6 @@ LOG: 10HmaX-0005vi-00 <= userx@somehost.example.com H=ten-1.test.ex [V4NET.0.0.1
 >>> sender host name required, to match against ^[^\d]+2
 >>> looking up host name for V4NET.0.0.2
 >>> IP address lookup yielded "ten-2.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-2.test.ex address=V4NET.0.0.2
 >>> checking addresses for ten-2.test.ex
 >>>   V4NET.0.0.2 OK
 >>> host in "^[^\d]+2"? yes (matched "^[^\d]+2")
index 82b68bbc2e0414877dc763f902bb3edb563aada2..179cd8bb88e9e7ad4067f8b71f7f01237662c2e4 100644 (file)
@@ -29,9 +29,6 @@
 >>> sender host name required, to match against lsearch;TESTSUITE/aux-fixed/0064.hosts
 >>> looking up host name for V4NET.0.0.1
 >>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-1.test.ex address=V4NET.0.0.1
 >>> checking addresses for ten-1.test.ex
 >>>   V4NET.0.0.1 OK
 >>> host in "lsearch;TESTSUITE/aux-fixed/0064.hosts"? no (end of list)
@@ -74,9 +71,6 @@ LOG: 10HmaX-0005vi-00 <= userx@somehost.example.com H=ten-1.test.ex [V4NET.0.0.1
 >>> sender host name required, to match against lsearch;TESTSUITE/aux-fixed/0064.hosts
 >>> looking up host name for V4NET.0.0.2
 >>> IP address lookup yielded "ten-2.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-2.test.ex address=V4NET.0.0.2
 >>> checking addresses for ten-2.test.ex
 >>>   V4NET.0.0.2 OK
 >>> host in "lsearch;TESTSUITE/aux-fixed/0064.hosts"? yes (matched "lsearch;TESTSUITE/aux-fixed/0064.hosts")
index de0821ac48c67fb049145a0c18e1b836d3dcb1ac..55973c8e9b452f527e730672a30804227482e3ac 100644 (file)
@@ -280,9 +280,6 @@ MUNGED: ::1 will be omitted in what follows
 >>> sender host name required, to match against *-1.test.ex
 >>> looking up host name for V4NET.0.0.1
 >>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-1.test.ex address=V4NET.0.0.1
 >>> checking addresses for ten-1.test.ex
 >>>   V4NET.0.0.1 OK
 >>> host in "!TESTSUITE/aux-fixed/0066.nothosts : TESTSUITE/aux-var/0066.hostnets"? yes (matched "*-1.test.ex" in TESTSUITE/aux-var/0066.hostnets)
index 9008167df537c9de2639b2c2d836dd16a4d4e0ff..0af08eaa6603c129e5e68ba9903916f7c314bc60 100644 (file)
@@ -4,9 +4,6 @@
 >>> sender host name required, to match against ^ten-1\.test\.ex
 >>> looking up host name for V4NET.0.0.1
 >>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-1.test.ex address=V4NET.0.0.1
 >>> checking addresses for ten-1.test.ex
 >>>   V4NET.0.0.1 OK
 >>> host in sender_unqualified_hosts? yes (matched "^ten-1\.test\.ex")
index 0453d22eb22ae97a89949d6fb9b294bbfddfee19..2bf1e9cdf49afc85b734364d90d3607d02fca0f8 100644 (file)
@@ -106,9 +106,6 @@ MUNGED: ::1 will be omitted in what follows
 >>> verifying EHLO/HELO argument "ten-1.test.ex"
 >>> looking up host name for V4NET.0.0.1
 >>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-1.test.ex address=V4NET.0.0.1
 >>> checking addresses for ten-1.test.ex
 >>>   V4NET.0.0.1 OK
 >>> matched host name
@@ -130,14 +127,8 @@ MUNGED: ::1 will be omitted in what follows
 >>> looking up host name for V4NET.0.0.3
 >>> IP address lookup yielded "ten-3.test.ex"
 >>>   alias "ten-3-alias.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-3.test.ex address=V4NET.0.0.3
 >>> checking addresses for ten-3.test.ex
 >>>   V4NET.0.0.3 OK
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-3-alias.test.ex address=V4NET.0.0.3
 >>> checking addresses for ten-3-alias.test.ex
 >>>   V4NET.0.0.3 OK
 >>> matched host name
@@ -164,9 +155,6 @@ MUNGED: ::1 will be omitted in what follows
 >>> verifying EHLO/HELO argument "rhubarb"
 >>> looking up host name for V4NET.0.0.1
 >>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-1.test.ex address=V4NET.0.0.1
 >>> checking addresses for ten-1.test.ex
 >>>   V4NET.0.0.1 OK
 >>> getting IP address for rhubarb
index bacb2914fce59b69434a10520c654d3e3329b2e5..00b552e2d94a26768de6708d0ecb0dbf8124cff1 100644 (file)
@@ -50,9 +50,6 @@ LOG: H=(abc_xyz) [V4NET.0.0.0] F=<userx@cus.cam.ac.uk> rejected RCPT <userx@else
 >>> sender host name required, to match against *N-99.test.EX
 >>> looking up host name for V4NET.0.0.99
 >>> IP address lookup yielded "ten-99.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-99.test.ex address=V4NET.0.0.99
 >>> checking addresses for ten-99.test.ex
 >>>   V4NET.0.0.99 OK
 >>> host in sender_unqualified_hosts? yes (matched "*N-99.test.EX")
index b9249cc946aaf29dba006ea73c8cfa6edf881993..5ab7516967998d9fb3194994271bf599f927ff19 100644 (file)
@@ -33,9 +33,6 @@ LOG: H=[V4NET.11.12.13] F=<userx@cam.ac.uk> rejected RCPT <userx@cam.ac.uk>: rel
 >>> host in host_lookup? yes (matched "0.0.0.0/0")
 >>> looking up host name for V4NET.0.0.1
 >>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-1.test.ex address=V4NET.0.0.1
 >>> checking addresses for ten-1.test.ex
 >>>   V4NET.0.0.1 OK
 >>> host in host_reject_connection? no (option unset)
@@ -87,21 +84,17 @@ DNS lookup of 90.99.99.V4NET.in-addr.arpa (PTR) using fakens
 DNS lookup of 90.99.99.V4NET.in-addr.arpa (PTR) succeeded
 IP address lookup yielded "oneback.test.ex"
   alias "host1.masq.test.ex"
-using host_fake_gethostbyname for oneback.test.ex (IPv4)
 DNS lookup of oneback.test.ex (A) using fakens
 DNS lookup of oneback.test.ex (A) succeeded
-MUNGED: ::1 will be omitted in what follows
-get[host|ipnode]byname[2] looked up these IP addresses:
-  name=oneback.test.ex address=V4NET.99.99.90
+oneback.test.ex V4NET.99.99.90 mx=-1 sort=xx 
 checking addresses for oneback.test.ex
+Forward DNS security status: unverified
   V4NET.99.99.90 OK
-using host_fake_gethostbyname for host1.masq.test.ex (IPv4)
 DNS lookup of host1.masq.test.ex (A) using fakens
 DNS lookup of host1.masq.test.ex (A) succeeded
-MUNGED: ::1 will be omitted in what follows
-get[host|ipnode]byname[2] looked up these IP addresses:
-  name=host1.masq.test.ex address=V4NET.90.90.90
+host1.masq.test.ex V4NET.90.90.90 mx=-1 sort=xx 
 checking addresses for host1.masq.test.ex
+Forward DNS security status: unverified
   V4NET.90.90.90
 no IP address for host1.masq.test.ex matched V4NET.99.99.90
 sender_fullhost = oneback.test.ex [V4NET.99.99.90]
index 3f90c7c063df962f058657510419ddcd4017f023..02f42e0a038002ad54b1d49dc821da2ba2495be0 100644 (file)
@@ -9,9 +9,6 @@
 >>> myhost.test.ex in helo_lookup_domains? yes (matched "@")
 >>> looking up host name for V4NET.0.0.1
 >>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-1.test.ex address=V4NET.0.0.1
 >>> checking addresses for ten-1.test.ex
 >>>   V4NET.0.0.1 OK
 >>> host in hosts_connection_nolog? no (option unset)
@@ -25,9 +22,6 @@ MUNGED: ::1 will be omitted in what follows
 >>> [127.0.0.1] in helo_lookup_domains? yes (matched "@[]")
 >>> looking up host name for V4NET.0.0.1
 >>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-1.test.ex address=V4NET.0.0.1
 >>> checking addresses for ten-1.test.ex
 >>>   V4NET.0.0.1 OK
 >>> host in dsn_advertise_hosts? no (option unset)
index d8aca4e8d08c1a98615eae684c4a3e4e7f6db221..244f96c0f33db3b71f23c959df141c837bb7eb23 100644 (file)
@@ -33,9 +33,6 @@ LOG: no host name found for IP address V4NET.0.0.97
 >>> sender host name required, to match against *.test.ex
 >>> looking up host name for V4NET.0.0.1
 >>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-1.test.ex address=V4NET.0.0.1
 >>> checking addresses for ten-1.test.ex
 >>>   V4NET.0.0.1 OK
 >>> host in "*.test.ex"? yes (matched "*.test.ex")
index a24ef419f75bc7a4b641edfed2382a9824b6a11e..d5e9ee6fce2d4422b823e2f3a60cda5f62a9b104 100644 (file)
@@ -39,21 +39,17 @@ DNS lookup of 97.99.99.V4NET.in-addr.arpa (PTR) using fakens
 DNS lookup of 97.99.99.V4NET.in-addr.arpa (PTR) succeeded
 IP address lookup yielded "x.gov.uk.test.ex"
   alias "x.co.uk.test.ex"
-using host_fake_gethostbyname for x.gov.uk.test.ex (IPv4)
 DNS lookup of x.gov.uk.test.ex (A) using fakens
 DNS lookup of x.gov.uk.test.ex (A) succeeded
-MUNGED: ::1 will be omitted in what follows
-get[host|ipnode]byname[2] looked up these IP addresses:
-  name=x.gov.uk.test.ex address=V4NET.99.99.97
+x.gov.uk.test.ex V4NET.99.99.97 mx=-1 sort=xx 
 checking addresses for x.gov.uk.test.ex
+Forward DNS security status: unverified
   V4NET.99.99.97 OK
-using host_fake_gethostbyname for x.co.uk.test.ex (IPv4)
 DNS lookup of x.co.uk.test.ex (A) using fakens
 DNS lookup of x.co.uk.test.ex (A) succeeded
-MUNGED: ::1 will be omitted in what follows
-get[host|ipnode]byname[2] looked up these IP addresses:
-  name=x.co.uk.test.ex address=V4NET.99.99.97
+x.co.uk.test.ex V4NET.99.99.97 mx=-1 sort=xx 
 checking addresses for x.co.uk.test.ex
+Forward DNS security status: unverified
   V4NET.99.99.97 OK
 sender_fullhost = x.gov.uk.test.ex [V4NET.99.99.97]
 sender_rcvhost = x.gov.uk.test.ex ([V4NET.99.99.97] ident=CALLER)
index 6caf2cd05e2daac8650434857c58e69560e5e16f..efd8de912cd3bce2891ada2a27c5f0ce419dd39a 100644 (file)
@@ -22,9 +22,6 @@ LOG: H=[2001:0ab8:037f:0020:0000:0000:0000:0001] Warning: matched hostlist
 >>> host in host_lookup? yes (matched "*")
 >>> looking up host name for V6NET:1234:0005:0006:0007:0008:0abc:000d
 >>> IP address lookup yielded "test3.ipv6.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=test3.ipv6.test.ex address=V6NET:1234:5:6:7:8:abc:d
 >>> checking addresses for test3.ipv6.test.ex
 >>>   V6NET:1234:5:6:7:8:abc:d OK
 >>> host in host_reject_connection? no (option unset)
index 2669d93731816bea23b08ece5d2bd755e205b236..043e9956901284f265849468696d49c191466167 100644 (file)
@@ -46,13 +46,12 @@ looking up host name for ip4.ip4.ip4.ip4
 DNS lookup of ip4-reverse.in-addr.arpa (PTR) using fakens
 DNS lookup of ip4-reverse.in-addr.arpa (PTR) succeeded
 IP address lookup yielded "the.local.host.name"
-using host_fake_gethostbyname for the.local.host.name (IPv4)
 DNS lookup of the.local.host.name (A) using fakens
 DNS lookup of the.local.host.name (A) succeeded
-MUNGED: ::1 will be omitted in what follows
-get[host|ipnode]byname[2] looked up these IP addresses:
-  name=the.local.host.name address=ip4.ip4.ip4.ip4
+local host found for non-MX address
+the.local.host.name ip4.ip4.ip4.ip4 mx=-1 sort=xx 
 checking addresses for the.local.host.name
+Forward DNS security status: unverified
   ip4.ip4.ip4.ip4 OK
 sender_fullhost = the.local.host.name [ip4.ip4.ip4.ip4]
 sender_rcvhost = the.local.host.name ([ip4.ip4.ip4.ip4])