Support /defer_ok on verify=reverse_host_lookup. Bug 344

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index d5a16cacc2eebf93d37f92d4dad8656516b2c86f..77d966d6df2cd82aed58bb65361d73eee1506c12 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -28824,7 +28824,7 @@ verified is redirected to a single address, verification continues with the new
 address, and in that case, the subsequent value of &$address_data$& is the
 value for the child address.
 
 address, and in that case, the subsequent value of &$address_data$& is the
 value for the child address.
 

-.vitem &*verify&~=&~reverse_host_lookup*&
+.vitem &*verify&~=&~reverse_host_lookup/*&<&'options'&>

 .cindex "&%verify%& ACL condition"
 .cindex "&ACL;" "verifying host reverse lookup"
 .cindex "host" "verifying reverse lookup"
 .cindex "&%verify%& ACL condition"
 .cindex "&ACL;" "verifying host reverse lookup"
 .cindex "host" "verifying reverse lookup"


@@ -28835,6 +28835,9 @@ Verification ensures that the host name obtained from a reverse DNS lookup, or
 one of its aliases, does, when it is itself looked up in the DNS, yield the
 original IP address.
 
 one of its aliases, does, when it is itself looked up in the DNS, yield the
 original IP address.
 

+There is one possible option, &`defer_ok`&.  If this is present and a
+DNS operation returns a temporary error, the verify condition succeeds.
+

 If this condition is used for a locally generated message (that is, when there
 is no client host involved), it always succeeds.
 
 If this condition is used for a locally generated message (that is, when there
 is no client host involved), it always succeeds.
 

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 57df78280b02b7c55951c7edc9a6377083a4d312..bfe872503d06106850a70e62d1e54c8518e54000 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -47,6 +47,9 @@ JH/11 The incoming_interface log option now also enables logging of the
 JH/12 The cutthrough-routing facility now supports multi-recipient mails,
       if the interface and destination host and port all match.
 
 JH/12 The cutthrough-routing facility now supports multi-recipient mails,
       if the interface and destination host and port all match.
 

+JH/13 Bug 344: The verify = reverse_host_lookup ACL condition now accepts a
+      /defer_ok option.
+

 
 
 Exim version 4.85
 
 
 Exim version 4.85

diff --git a/src/src/acl.c b/src/src/acl.c
index 06c1c494c09f71579548c6894a7d9629e6eaf961..f0716e0168693adeeab61e8c2f25a5eb8d7fa009 100644 (file)
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -1662,7 +1662,7 @@ typedef struct {
   unsigned alt_opt_sep;                /* >0 Non-/ option separator (custom parser) */
   } verify_type_t;
 static verify_type_t verify_type_list[] = {
   unsigned alt_opt_sep;                /* >0 Non-/ option separator (custom parser) */
   } verify_type_t;
 static verify_type_t verify_type_list[] = {

-    { US"reverse_host_lookup", VERIFY_REV_HOST_LKUP,   ~0,     TRUE, 0 },
+    { US"reverse_host_lookup", VERIFY_REV_HOST_LKUP,   ~0,     FALSE, 0 },

     { US"certificate",         VERIFY_CERT,            ~0,     TRUE, 0 },
     { US"helo",                        VERIFY_HELO,            ~0,     TRUE, 0 },
     { US"csa",                 VERIFY_CSA,             ~0,     FALSE, 0 },
     { US"certificate",         VERIFY_CERT,            ~0,     TRUE, 0 },
     { US"helo",                        VERIFY_HELO,            ~0,     TRUE, 0 },
     { US"csa",                 VERIFY_CSA,             ~0,     FALSE, 0 },


@@ -1783,7 +1783,11 @@ switch(vp->value)
   {
   case VERIFY_REV_HOST_LKUP:
     if (sender_host_address == NULL) return OK;
   {
   case VERIFY_REV_HOST_LKUP:
     if (sender_host_address == NULL) return OK;

-    return acl_verify_reverse(user_msgptr, log_msgptr);
+    if ((rc = acl_verify_reverse(user_msgptr, log_msgptr)) == DEFER)
+      while ((ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)))
+       if (strcmpic(ss, US"defer_ok") == 0)
+         return OK;
+    return rc;

 
   case VERIFY_CERT:
     /* TLS certificate verification is done at STARTTLS time; here we just
 
   case VERIFY_CERT:
     /* TLS certificate verification is done at STARTTLS time; here we just

diff --git a/test/confs/0023 b/test/confs/0023
index 2e5e15cb246cc0b70e4c2294b737a7496e348d67..43f140d659dc84e634ce5e777c1d17262aab0ba4 100644 (file)
--- a/test/confs/0023
+++ b/test/confs/0023
@@ -98,6 +98,10 @@ acl_9_9_9:
 acl_V4NET_0_0:
   require verify = reverse_host_lookup
   accept
 acl_V4NET_0_0:
   require verify = reverse_host_lookup
   accept

+acl_V4NET_99_99:
+  accept  local_parts = defer_ok
+         verify = reverse_host_lookup/defer_ok
+  accept  verify = reverse_host_lookup

 
 acl_V4NET_11_12:
   deny    message = host in DNS list $dnslist_domain: $dnslist_text
 
 acl_V4NET_11_12:
   deny    message = host in DNS list $dnslist_domain: $dnslist_text

diff --git a/test/scripts/0000-Basic/0023 b/test/scripts/0000-Basic/0023
index 51e7123d0d3cc535dcdf8d3622b36efbcf711ec7..3c028a1f02192103d71ee546418b93d195ab3792 100644 (file)
--- a/test/scripts/0000-Basic/0023
+++ b/test/scripts/0000-Basic/0023
@@ -189,6 +189,17 @@ mail from:<>
 rcpt to:<x@y>
 quit
 ****
 rcpt to:<x@y>
 quit
 ****

+# This resolves to a name which will give `try again' when looked up
+exim -bh V4NET.99.99.96
+mail from:<>
+rcpt to:<x@y>
+quit
+****
+exim -bh V4NET.99.99.96
+mail from:<>
+rcpt to:<defer_ok@y>
+quit
+****

 exim -bh 29.29.29.29
 mail from:<a@localhost>
 rcpt to:<x@y>
 exim -bh 29.29.29.29
 mail from:<a@localhost>
 rcpt to:<x@y>

diff --git a/test/stderr/0023 b/test/stderr/0023
index 89c1d3993fd8814b4746e7eb740a6d159a26c49d..7da37391784e70b3b5b8ea41bdc4538b131b10be 100644 (file)
--- a/test/stderr/0023
+++ b/test/stderr/0023
@@ -1128,6 +1128,48 @@ LOG: H=[V4NET.0.0.97] F=<> rejected RCPT <x@y>: host lookup failed for reverse l
 >>> host in helo_verify_hosts? no (option unset)
 >>> host in helo_try_verify_hosts? no (option unset)
 >>> host in helo_accept_junk_hosts? no (option unset)
 >>> host in helo_verify_hosts? no (option unset)
 >>> host in helo_try_verify_hosts? no (option unset)
 >>> host in helo_accept_junk_hosts? no (option unset)

+>>> using ACL "acl_V4NET_99_99"
+>>> processing "accept"
+>>> check local_parts = defer_ok
+>>> x in "defer_ok"? no (end of list)
+>>> accept: condition test failed in ACL "acl_V4NET_99_99"
+>>> processing "accept"
+>>> check verify = reverse_host_lookup
+>>> looking up host name to force name/address consistency check
+>>> looking up host name for V4NET.99.99.96
+>>> IP address lookup yielded "x.test.again.dns"
+>>> x.test.again.dns in dns_again_means_nonexist? no (option unset)
+>>> temporary error for host name lookup
+>>> accept: condition test deferred in ACL "acl_V4NET_99_99"
+LOG: H=[V4NET.99.99.96] F=<> temporarily rejected RCPT <x@y>: host lookup deferred for reverse lookup check
+>>> host in hosts_connection_nolog? no (option unset)
+>>> host in host_lookup? no (option unset)
+>>> host in host_reject_connection? no (option unset)
+>>> host in sender_unqualified_hosts? no (option unset)
+>>> host in recipient_unqualified_hosts? no (option unset)
+>>> host in helo_verify_hosts? no (option unset)
+>>> host in helo_try_verify_hosts? no (option unset)
+>>> host in helo_accept_junk_hosts? no (option unset)
+>>> using ACL "acl_V4NET_99_99"
+>>> processing "accept"
+>>> check local_parts = defer_ok
+>>> defer_ok in "defer_ok"? yes (matched "defer_ok")
+>>> check verify = reverse_host_lookup/defer_ok
+>>> looking up host name to force name/address consistency check
+>>> looking up host name for V4NET.99.99.96
+>>> IP address lookup yielded "x.test.again.dns"
+>>> x.test.again.dns in dns_again_means_nonexist? no (option unset)
+>>> temporary error for host name lookup
+>>> accept: condition test succeeded in ACL "acl_V4NET_99_99"
+>>> end of ACL "acl_V4NET_99_99": ACCEPT
+>>> host in hosts_connection_nolog? no (option unset)
+>>> host in host_lookup? no (option unset)
+>>> host in host_reject_connection? no (option unset)
+>>> host in sender_unqualified_hosts? no (option unset)
+>>> host in recipient_unqualified_hosts? no (option unset)
+>>> host in helo_verify_hosts? no (option unset)
+>>> host in helo_try_verify_hosts? no (option unset)
+>>> host in helo_accept_junk_hosts? no (option unset)

 >>> using ACL "acl_29_29_29"
 >>> processing "deny"
 >>> check dnslists = test.ex/$sender_address_domain
 >>> using ACL "acl_29_29_29"
 >>> processing "deny"
 >>> check dnslists = test.ex/$sender_address_domain

diff --git a/test/stdout/0023 b/test/stdout/0023
index b805f334bbfe2d9a87c03765041f8f83310d6fdb..a835f2a4eeaa6d1871189d960aca41ba8330c423 100644 (file)
--- a/test/stdout/0023
+++ b/test/stdout/0023
@@ -302,6 +302,24 @@
 550 Administrative prohibition\r
 221 myhost.test.ex closing connection\r
 
 550 Administrative prohibition\r
 221 myhost.test.ex closing connection\r
 

+**** SMTP testing session as if from host V4NET.99.99.96
+**** but without any ident (RFC 1413) callback.
+**** This is not for real!
+
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+451 Temporary local problem - please try later\r
+221 myhost.test.ex closing connection\r
+
+**** SMTP testing session as if from host V4NET.99.99.96
+**** but without any ident (RFC 1413) callback.
+**** This is not for real!
+
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+

 **** SMTP testing session as if from host 29.29.29.29
 **** but without any ident (RFC 1413) callback.
 **** This is not for real!
 **** SMTP testing session as if from host 29.29.29.29
 **** but without any ident (RFC 1413) callback.
 **** This is not for real!