From 4ae338f1b9014e93e96fc87d94ba8a4a97730124 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Mon, 8 Jul 2024 17:27:54 +0100 Subject: [PATCH] Debug: add note on DANE unusability --- src/src/transports/smtp.c | 2 ++ test/stderr/0143 | 1 + test/stderr/0398 | 1 + test/stderr/0432 | 1 + test/stderr/0450 | 2 ++ test/stderr/0476 | 2 ++ test/stderr/0512 | 6 ++++++ test/stderr/0623 | 3 +++ test/stderr/0909 | 5 +++++ test/stderr/2035 | 1 + test/stderr/2135 | 1 + test/stderr/4052 | 1 + test/stderr/5410 | 3 +++ test/stderr/5420 | 3 +++ 14 files changed, 32 insertions(+) diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index a5caf3de6..8296814b5 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c @@ -2303,6 +2303,8 @@ if (!continue_hostname) # endif return FAIL; } + else DEBUG(D_transport) + debug_printf("lack of DNSSEC traceability precludes DANE\n"); } #endif /*DANE*/ diff --git a/test/stderr/0143 b/test/stderr/0143 index 0a73ce275..865c0c546 100644 --- a/test/stderr/0143 +++ b/test/stderr/0143 @@ -24,6 +24,7 @@ hostlist: checking retry status of 127.0.0.1 127.0.0.1 [127.0.0.1]:1111/ip4.ip4.ip4.ip4 retry-status = usable delivering 10HmaX-000000005vi-0000 to 127.0.0.1 [127.0.0.1] (userx@domain.com) +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_S from ip4.ip4.ip4.ip4 ... connected SMTP<< 220 ESMTP diff --git a/test/stderr/0398 b/test/stderr/0398 index bb31becd4..081215ec7 100644 --- a/test/stderr/0398 +++ b/test/stderr/0398 @@ -151,6 +151,7 @@ Attempting full verification using callout EXIM_DBCLOSE(0xAAAAAAAA) closed hints database interface=NULL port=PORT_S +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_S ... 127.0.0.1 in hosts_try_fastopen? list element: diff --git a/test/stderr/0432 b/test/stderr/0432 index 1f17d175d..a8a571ca4 100644 --- a/test/stderr/0432 +++ b/test/stderr/0432 @@ -104,6 +104,7 @@ Attempting full verification using callout EXIM_DBCLOSE(0xAAAAAAAA) closed hints database interface=NULL port=PORT_S +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_S ... 127.0.0.1 in hosts_try_fastopen? list element: diff --git a/test/stderr/0450 b/test/stderr/0450 index 095135bbf..086e7474c 100644 --- a/test/stderr/0450 +++ b/test/stderr/0450 @@ -20,6 +20,7 @@ getting address for 127.0.0.1 checking retry status of 127.0.0.1 127.0.0.1 [127.0.0.1]:1111 retry-status = usable delivering 10HmaX-000000005vi-0000 to 127.0.0.1 [127.0.0.1] (userx@test.ex) +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_D ... failed: Connection refused LOG: MAIN @@ -52,6 +53,7 @@ no host retry record no message retry record 127.0.0.1 [127.0.0.1]:1112 retry-status = usable delivering 10HmaX-000000005vi-0000 to 127.0.0.1 [127.0.0.1] (userx@test.ex) +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_D2 ... failed: Connection refused LOG: MAIN diff --git a/test/stderr/0476 b/test/stderr/0476 index ee229ff93..e4667407c 100644 --- a/test/stderr/0476 +++ b/test/stderr/0476 @@ -19,6 +19,7 @@ checking retry status of 127.0.0.1 127.0.0.1 [127.0.0.1]:1111 retry-status = usable delivering 10HmaX-000000005vi-0000 to 127.0.0.1 [127.0.0.1] (userx@test.ex) set_process_info: pppp delivering 10HmaX-000000005vi-0000 to 127.0.0.1 [127.0.0.1]:PORT_S (userx@test.ex) +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_S ... connected SMTP<< 220 Server ready @@ -90,6 +91,7 @@ checking retry status of 127.0.0.1 127.0.0.1 [127.0.0.1]:1111 retry-status = usable delivering 10HmaZ-000000005vi-0000 to 127.0.0.1 [127.0.0.1] (CALLER@the.local.host.name) set_process_info: pppp delivering 10HmaZ-000000005vi-0000 to 127.0.0.1 [127.0.0.1]:PORT_S (CALLER@the.local.host.name) +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_S ... failed: Connection refused LOG: MAIN diff --git a/test/stderr/0512 b/test/stderr/0512 index f3979815b..3994b704a 100644 --- a/test/stderr/0512 +++ b/test/stderr/0512 @@ -18,6 +18,7 @@ no message retry record 127.0.0.1 [127.0.0.1]:1111 retry-status = usable delivering 10HmaX-000000005vi-0000 to 127.0.0.1 [127.0.0.1] (userx@myhost.test.ex) hosts_max_try limit reached with this host +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_S ... failed: Connection refused LOG: MAIN @@ -31,6 +32,7 @@ no message retry record 127.0.0.1 [127.0.0.1]:1111 retry-status = usable delivering 10HmaX-000000005vi-0000 to 127.0.0.1 [127.0.0.1] (userx@myhost.test.ex) hosts_max_try limit reached with this host +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_S ... failed: Connection refused LOG: MAIN @@ -44,6 +46,7 @@ no message retry record 127.0.0.1 [127.0.0.1]:1111 retry-status = usable delivering 10HmaX-000000005vi-0000 to 127.0.0.1 [127.0.0.1] (userx@myhost.test.ex) hosts_max_try limit reached with this host +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_S ... failed: Connection refused LOG: MAIN @@ -57,6 +60,7 @@ no message retry record 127.0.0.1 [127.0.0.1]:1111 retry-status = usable delivering 10HmaX-000000005vi-0000 to 127.0.0.1 [127.0.0.1] (userx@myhost.test.ex) hosts_max_try limit reached with this host +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_S ... failed: Connection refused LOG: MAIN @@ -119,6 +123,7 @@ no message retry record 127.0.0.1 [127.0.0.1]:1111 retry-status = usable delivering 10HmaZ-000000005vi-0000 to 127.0.0.1 [127.0.0.1] (userx@myhost.test.ex) hosts_max_try limit reached with this host +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_S ... failed: Connection refused LOG: MAIN @@ -132,6 +137,7 @@ no message retry record 127.0.0.1 [127.0.0.1]:1111 retry-status = usable delivering 10HmaZ-000000005vi-0000 to 127.0.0.1 [127.0.0.1] (userx@myhost.test.ex) hosts_max_try limit reached with this host +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_S ... failed: Connection refused LOG: MAIN diff --git a/test/stderr/0623 b/test/stderr/0623 index 3786f7168..9131732eb 100644 --- a/test/stderr/0623 +++ b/test/stderr/0623 @@ -19,6 +19,7 @@ getting address for 127.0.0.1 checking retry status of 127.0.0.1 127.0.0.1 [127.0.0.1]:1111 retry-status = usable delivering 10HmaZ-000000005vi-0000 to 127.0.0.1 [127.0.0.1] (tempreject@test.ex) +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_D ... connected SMTP<< 220 Server ready @@ -89,6 +90,7 @@ no host retry record no message retry record 127.0.0.1 [127.0.0.1]:1111 retry-status = usable delivering 10HmbA-000000005vi-0000 to 127.0.0.1 [127.0.0.1] (permreject@test.ex) +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_D ... connected SMTP<< 220 Server ready @@ -159,6 +161,7 @@ no host retry record no message retry record 127.0.0.1 [127.0.0.1]:1111 retry-status = usable delivering 10HmbB-000000005vi-0000 to 127.0.0.1 [127.0.0.1] (permreject@test.ex) +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_D ... connected SMTP<< 220 Server ready diff --git a/test/stderr/0909 b/test/stderr/0909 index 3ba13b3b0..5950dd510 100644 --- a/test/stderr/0909 +++ b/test/stderr/0909 @@ -23,6 +23,7 @@ getting address for 127.0.0.1 checking retry status of 127.0.0.1 127.0.0.1 [127.0.0.1]:1111 retry-status = usable delivering 10HmaX-000000005vi-0000 to 127.0.0.1 [127.0.0.1] (good@test.ex) +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_D ... connected SMTP<< 220 Server ready @@ -93,6 +94,7 @@ getting address for 127.0.0.1 checking retry status of 127.0.0.1 127.0.0.1 [127.0.0.1]:1111 retry-status = usable delivering 10HmaY-000000005vi-0000 to 127.0.0.1 [127.0.0.1] (nopipe@test.ex) +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_D ... connected SMTP<< 220 Server ready @@ -162,6 +164,7 @@ getting address for 127.0.0.1 checking retry status of 127.0.0.1 127.0.0.1 [127.0.0.1]:1111 retry-status = usable delivering 10HmaZ-000000005vi-0000 to 127.0.0.1 [127.0.0.1] (tempreject@test.ex) +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_D ... connected SMTP<< 220 Server ready @@ -236,6 +239,7 @@ no host retry record no message retry record 127.0.0.1 [127.0.0.1]:1111 retry-status = usable delivering 10HmbA-000000005vi-0000 to 127.0.0.1 [127.0.0.1] (permreject@test.ex) +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_D ... connected SMTP<< 220 Server ready @@ -310,6 +314,7 @@ no host retry record no message retry record 127.0.0.1 [127.0.0.1]:1111 retry-status = usable delivering 10HmbB-000000005vi-0000 to 127.0.0.1 [127.0.0.1] (dataloss@test.ex) +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_D ... connected SMTP<< 220 Server ready diff --git a/test/stderr/2035 b/test/stderr/2035 index 920205672..e99c7314a 100644 --- a/test/stderr/2035 +++ b/test/stderr/2035 @@ -4,6 +4,7 @@ configuration file is TESTSUITE/test-config admin user LOG: smtp_connection MAIN SMTP connection from CALLER +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_D ... connected SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 diff --git a/test/stderr/2135 b/test/stderr/2135 index 920205672..e99c7314a 100644 --- a/test/stderr/2135 +++ b/test/stderr/2135 @@ -4,6 +4,7 @@ configuration file is TESTSUITE/test-config admin user LOG: smtp_connection MAIN SMTP connection from CALLER +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_D ... connected SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 diff --git a/test/stderr/4052 b/test/stderr/4052 index f90265149..3d4a4501f 100644 --- a/test/stderr/4052 +++ b/test/stderr/4052 @@ -22,6 +22,7 @@ no message retry record 127.0.0.1 [127.0.0.1]:1111 retry-status = usable delivering 10HmbP-000000005vi-0000 to 127.0.0.1 [127.0.0.1] (extchange@test.ex) Transport port=25 replaced by host-specific port=PORT_D +lack of DNSSEC traceability precludes DANE EHLO response bits from cache: cleartext 0x0120/0x0000 crypted 0x0000/0x0000 Using cached cleartext PIPECONNECT SMTP|> EHLO the.local.host.name diff --git a/test/stderr/5410 b/test/stderr/5410 index 9b4f0ff8a..273d4eecd 100644 --- a/test/stderr/5410 +++ b/test/stderr/5410 @@ -124,6 +124,7 @@ domain.com in "*"? try option transport try option unseen try option interface +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_D from ip4.ip4.ip4.ip4 ... try option dscp 127.0.0.1 in hosts_try_fastopen? @@ -781,6 +782,7 @@ domain.com in "*"? try option transport try option unseen try option interface +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_D from ip4.ip4.ip4.ip4 ... try option dscp 127.0.0.1 in hosts_try_fastopen? @@ -1388,6 +1390,7 @@ domain.com in "*"? try option transport try option unseen try option interface +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_D from ip4.ip4.ip4.ip4 ... try option dscp 127.0.0.1 in hosts_try_fastopen? diff --git a/test/stderr/5420 b/test/stderr/5420 index caa9e0de0..0049a548f 100644 --- a/test/stderr/5420 +++ b/test/stderr/5420 @@ -124,6 +124,7 @@ domain.com in "*"? try option transport try option unseen try option interface +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_D from ip4.ip4.ip4.ip4 ... try option dscp 127.0.0.1 in hosts_try_fastopen? @@ -781,6 +782,7 @@ domain.com in "*"? try option transport try option unseen try option interface +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_D from ip4.ip4.ip4.ip4 ... try option dscp 127.0.0.1 in hosts_try_fastopen? @@ -1388,6 +1390,7 @@ domain.com in "*"? try option transport try option unseen try option interface +lack of DNSSEC traceability precludes DANE Connecting to 127.0.0.1 [127.0.0.1]:PORT_D from ip4.ip4.ip4.ip4 ... try option dscp 127.0.0.1 in hosts_try_fastopen? -- 2.30.2