From: Jeremy Harris Date: Fri, 5 Dec 2014 15:50:51 +0000 (+0000) Subject: Disable identd (rfc1413) lookups by default X-Git-Tag: exim-4_91_RC1~148^2~42^2~62 X-Git-Url: https://git.exim.org/users/heiko/exim.git/commitdiff_plain/ac803d82dcb0d4c5340d43dbaeb601702f7a014c Disable identd (rfc1413) lookups by default --- diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index e070616c7..9cf67ec54 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -15658,13 +15658,15 @@ the time of delivery. They are normally used only for final local deliveries. This option is an obsolete synonym for &%bounce_return_size_limit%&. -.option rfc1413_hosts main "host list&!!" * +.option rfc1413_hosts main "host list&!!" @[] .cindex "RFC 1413" .cindex "host" "for RFC 1413 calls" -RFC 1413 identification calls are made to any client host which matches an item -in the list. +RFC 1413 identification calls are made to any client host which matches +an item in the list. +The default value specifies just this host, being any local interface +for the system. -.option rfc1413_query_timeout main time 5s +.option rfc1413_query_timeout main time 0s .cindex "RFC 1413" "query timeout" .cindex "timeout" "for RFC 1413 call" This sets the timeout on RFC 1413 identification calls. If it is set to zero, diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 6b81f60e0..0f09e20c4 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -26,6 +26,9 @@ JH/06 Verification of the server certificate for a TLS connection is now tried default, for both outbound TLS and client-certificate supplying inbound TLS connections +JH/07 Changed the default rfc1413 lookup settings to disable calls. Few + sites use this now. + Exim version 4.85 ----------------- diff --git a/src/src/configure.default b/src/src/configure.default index 12743499c..c16221fc1 100644 --- a/src/src/configure.default +++ b/src/src/configure.default 
@@ -221,18 +221,19 @@ never_users = root
 host_lookup = *
-# The settings below, which are actually the same as the defaults in the
-# code, cause Exim to make RFC 1413 (ident) callbacks for all incoming SMTP
-# calls. You can limit the hosts to which these calls are made, and/or change
-# the timeout that is used. If you set the timeout to zero, all RFC 1413 calls
-# are disabled. RFC 1413 calls are cheap and can provide useful information
-# for tracing problem messages, but some hosts and firewalls have problems
-# with them. This can result in a timeout instead of an immediate refused
-# connection, leading to delays on starting up SMTP sessions. (The default was
-# reduced from 30s to 5s for release 4.61.)
-
-rfc1413_hosts = *
-rfc1413_query_timeout = 5s
+# The settings below cause Exim to make RFC 1413 (ident) callbacks
+# for all incoming SMTP calls. You can limit the hosts to which these
+# calls are made, and/or change the timeout that is used. If you set
+# the timeout to zero, all RFC 1413 calls are disabled. RFC 1413 calls
+# are cheap and can provide useful information for tracing problem
+# messages, but some hosts and firewalls have problems with them.
+# This can result in a timeout instead of an immediate refused
+# connection, leading to delays on starting up SMTP sessions.
+# (The default was reduced from 30s to 5s for release 4.61. and to
+# disabled for release 4.86)
+#
+#rfc1413_hosts = *
+#rfc1413_query_timeout = 5s
 # By default, Exim expects all envelope addresses to be fully qualified, that
diff --git a/src/src/globals.c b/src/src/globals.c
index 5cd738bbb..8cdfb0ee0 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
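Review bot: The rewritten comment in configure.default still opens with "The settings below cause Exim to make RFC 1413 (ident) callbacks for all incoming SMTP calls", but both settings under it are now commented out, so as shipped they cause nothing. An administrator auditing the file could conclude that ident callbacks are active when they are not. I would reword the opening to `# Uncommenting the settings below causes Exim to make RFC 1413 (ident)` followed by `# callbacks for all incoming SMTP calls.`, and fix the stray full stop in `release 4.61. and to`. Because the ident reply is supplied by the connecting host, the comment could also say that the value helps with tracing but is not an authenticated identity.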
@@ -1076,8 +1076,8 @@ retry_config *retries = NULL;
 uschar *return_path = NULL;
 BOOL return_path_remove = TRUE;
 int rewrite_existflags = 0;
-uschar *rfc1413_hosts = US"*";
-int rfc1413_query_timeout = 5;
+uschar *rfc1413_hosts = US"@[]";
+int rfc1413_query_timeout = 0;
 /* BOOL rfc821_domains = FALSE; <<< on the way out */
 uid_t root_gid = ROOT_GID;
 uid_t root_uid = ROOT_UID;
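Review bot: The two new defaults in globals.c carry no comment saying which one actually turns the lookups off, so `US"@[]"` reads as the active restriction when, per the configure.default text, it is the zero timeout that disables all RFC 1413 calls. I would annotate the line as `int rfc1413_query_timeout = 0; /* 0 disables RFC 1413 (ident) calls */`. Two upgrade cases follow from changing both values at once and are not spelled out in the JH/07 ChangeLog entry. A configuration that sets only `rfc1413_hosts` and relied on the compiled-in 5s timeout will silently stop making ident calls, and one that sets only the timeout will now query just local interfaces. Sites whose logs or ACLs use the ident value would presumably want that stated in the upgrade notes.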