X-Git-Url: https://vcs.fsf.org/?p=exim.git;a=blobdiff_plain;f=src%2Fsrc%2Fhost.c;h=785eea412bd33faae15a86278fdf72b29ce0b46d;hp=9dc9c9a3e03037351770d9af459296c23a6c0f0d;hb=61147df48889217a1c1023d8c6e2431c24967686;hpb=c4ceed07f17f67af7d96e7fd27c92eb374e62e19

diff --git a/src/src/host.c b/src/src/host.c
index 9dc9c9a3e..785eea412 100644
--- a/src/src/host.c
+++ b/src/src/host.c
@@ -1177,10 +1177,10 @@ host_is_tls_on_connect_port(int port)
 {
 int sep = 0;
 uschar buffer[32];
-uschar *list = tls_on_connect_ports;
+uschar *list = tls_in.on_connect_ports;
 uschar *s;
 
-if (tls_on_connect) return TRUE;
+if (tls_in.on_connect) return TRUE;
 
 while ((s = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL)
   {
@@ -1597,7 +1597,7 @@ dns_record *rr;
 dns_answer dnsa;
 dns_scan dnss;
 
-host_lookup_deferred = host_lookup_failed = FALSE;
+sender_host_dnssec = host_lookup_deferred = host_lookup_failed = FALSE;
 
 HDEBUG(D_host_lookup)
   debug_printf("looking up host name for %s\n", sender_host_address);
@@ -1639,6 +1639,13 @@ while ((ordername = string_nextinlist(&list, &sep, buffer, sizeof(buffer)))
       int count = 0;
       int old_pool = store_pool;
 
+      /* Ideally we'd check DNSSEC both forward and reverse, but we use the
+      gethost* routines for forward, so can't do that unless/until we rewrite. */
+      sender_host_dnssec = dns_is_secure(&dnsa);
+      DEBUG(D_dns)
+        debug_printf("Reverse DNS security status: %s\n",
+            sender_host_dnssec ? "DNSSEC verified (AD)" : "unverified");
+
       store_pool = POOL_PERM;        /* Save names in permanent storage */
 
       for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);