Change host_lookup re-forward from byname to bydns; checking DNSSEC
authorJeremy Harris <jgh146exb@wizmail.org>
Tue, 19 May 2015 21:32:38 +0000 (22:32 +0100)
committerJeremy Harris <jgh146exb@wizmail.org>
Tue, 19 May 2015 21:32:38 +0000 (22:32 +0100)
24 files changed:
doc/doc-docbook/spec.xfpt
doc/doc-txt/ChangeLog
src/src/functions.h
src/src/host.c
src/src/ip.c
src/src/routers/iplookup.c
src/src/smtp_in.c
src/src/verify.c
test/stderr/0002
test/stderr/0020
test/stderr/0023
test/stderr/0062
test/stderr/0063
test/stderr/0064
test/stderr/0066
test/stderr/0069
test/stderr/0070
test/stderr/0089
test/stderr/0094
test/stderr/0303
test/stderr/0308
test/stderr/0381
test/stderr/1000
test/stderr/2202

index d4ebf46..c1668c7 100644 (file)
@@ -12223,7 +12223,8 @@ received. It is empty if there was no successful authentication. See also
 If an attempt to populate &$sender_host_name$& has been made
 (by reference, &%hosts_lookup%& or
 otherwise) then this boolean will have been set true if, and only if, the
-resolver library states that the reverse DNS was authenticated data.  At all
+resolver library states that both
+the reverse and forward DNS were authenticated data.  At all
 other times, this variable is false.
 
 It is likely that you will need to coerce DNSSEC support on in the resolver
@@ -12235,9 +12236,6 @@ dns_dnssec_ok = 1
 Exim does not perform DNSSEC validation itself, instead leaving that to a
 validating resolver (eg, unbound, or bind with suitable configuration).
 
-Exim does not (currently) check to see if the forward DNS was also secured
-with DNSSEC, only the reverse DNS.
-
 If you have changed &%host_lookup_order%& so that &`bydns`& is not the first
 mechanism in the list, then this variable will be false.
 
index 789887e..c6825d5 100644 (file)
@@ -103,6 +103,9 @@ JH/28 Bug 1588: Do not use the A lookup following an AAAA for setting the FQDN.
 
 JH/29 Bug 1632: Removed the word "rejected" from line logged for ACL discards.
 
+JH/30 Check the forward DNS lookup for DNSSEC, in addition to the reverse,
+      when evaluating $sender_host_dnssec.
+
 
 Exim version 4.85
 -----------------
index 6b0689b..c3095c0 100644 (file)
@@ -197,7 +197,8 @@ extern void    host_build_hostlist(host_item **, const uschar *, BOOL);
 extern ip_address_item *host_build_ifacelist(const uschar *, uschar *);
 extern void    host_build_log_info(void);
 extern void    host_build_sender_fullhost(void);
-extern BOOL    host_find_byname(host_item *, const uschar *, int, const uschar **, BOOL);
+extern BOOL    host_find_byname(host_item *, const uschar *, int,
+                               const uschar **, BOOL);
 extern int     host_find_bydns(host_item *, const uschar *, int, uschar *, uschar *,
                  uschar *, const dnssec_domains *, const uschar **, BOOL *);
 extern ip_address_item *host_find_interfaces(void);
index b3d38c5..4772a7c 100644 (file)
@@ -1639,8 +1639,7 @@ if (running_in_test_harness &&
 /* Do lookups directly in the DNS or via gethostbyaddr() (or equivalent), in
 the order specified by the host_lookup_order option. */
 
-while ((ordername = string_nextinlist(&list, &sep, buffer, sizeof(buffer)))
-        != NULL)
+while ((ordername = string_nextinlist(&list, &sep, buffer, sizeof(buffer))))
   {
   if (strcmpic(ordername, US"bydns") == 0)
     {
@@ -1661,8 +1660,6 @@ while ((ordername = string_nextinlist(&list, &sep, buffer, sizeof(buffer)))
       int count = 0;
       int old_pool = store_pool;
 
-      /* Ideally we'd check DNSSEC both forward and reverse, but we use the
-      gethost* routines for forward, so can't do that unless/until we rewrite. */
       sender_host_dnssec = dns_is_secure(&dnsa);
       DEBUG(D_dns)
         debug_printf("Reverse DNS security status: %s\n",
@@ -1710,8 +1707,8 @@ while ((ordername = string_nextinlist(&list, &sep, buffer, sizeof(buffer)))
             "empty name: treated as non-existent host name\n");
           continue;
           }
-        if (sender_host_name == NULL) sender_host_name = s;
-          else *aptr++ = s;
+        if (!sender_host_name) sender_host_name = s;
+       else *aptr++ = s;
         while (*s != 0) { *s = tolower(*s); s++; }
         }
 
@@ -1790,21 +1787,30 @@ for (hname = sender_host_name; hname != NULL; hname = *aliases++)
   int rc;
   BOOL ok = FALSE;
   host_item h;
+  dnssec_domains d;
+
   h.next = NULL;
   h.name = hname;
   h.mx = MX_NONE;
   h.address = NULL;
+  d.request = sender_host_dnssec ? US"*" : NULL;;
+  d.require = NULL;
 
-  /* When called with the last argument FALSE, host_find_byname() won't return
-  HOST_FOUND_LOCAL. If the incoming address is an IPv4 address expressed in
-  IPv6 format, we must compare the IPv4 part to any IPv4 addresses. */
-
-  if ((rc = host_find_byname(&h, NULL, 0, NULL, FALSE)) == HOST_FOUND)
+  if (  (rc = host_find_bydns(&h, NULL, HOST_FIND_BY_A,
+         NULL, NULL, NULL, &d, NULL, NULL)) == HOST_FOUND
+     || rc == HOST_FOUND_LOCAL
+     )
     {
     host_item *hh;
     HDEBUG(D_host_lookup) debug_printf("checking addresses for %s\n", hname);
+
+    /* If the forward lookup was not secure we cancel the is-secure variable */
+
+    DEBUG(D_dns) debug_printf("Forward DNS security status: %s\n",
+         h.dnssec == DS_YES ? "DNSSEC verified (AD)" : "unverified");
+    if (h.dnssec != DS_YES) sender_host_dnssec = FALSE;
+
     for (hh = &h; hh != NULL; hh = hh->next)
-      {
       if (host_is_in_net(hh->address, sender_host_address, 0))
         {
         HDEBUG(D_host_lookup) debug_printf("  %s OK\n", hh->address);
@@ -1812,10 +1818,8 @@ for (hname = sender_host_name; hname != NULL; hname = *aliases++)
         break;
         }
       else
-        {
         HDEBUG(D_host_lookup) debug_printf("  %s\n", hh->address);
-        }
-      }
+
     if (!ok) HDEBUG(D_host_lookup)
       debug_printf("no IP address for %s matched %s\n", hname,
         sender_host_address);
@@ -1828,9 +1832,7 @@ for (hname = sender_host_name; hname != NULL; hname = *aliases++)
     return DEFER;
     }
   else
-    {
     HDEBUG(D_host_lookup) debug_printf("no IP addresses found for %s\n", hname);
-    }
 
   /* If this name is no good, and it's the sender name, set it null pro tem;
   if it's an alias, just remove it from the list. */
@@ -2539,8 +2541,7 @@ that gets set for DNS syntax check errors. */
 if (fully_qualified_name != NULL) *fully_qualified_name = host->name;
 dns_init((whichrrs & HOST_FIND_QUALIFY_SINGLE) != 0,
          (whichrrs & HOST_FIND_SEARCH_PARENTS) != 0,
-        dnssec_request
-        );
+        dnssec_request);
 host_find_failed_syntax = FALSE;
 
 /* First, if requested, look for SRV records. The service name is given; we
index f6c7433..9a7444e 100644 (file)
@@ -309,8 +309,8 @@ else if (string_is_ip_address(hostname, NULL) != 0)
 else
   {
   shost.name = string_copy(hostname);
-  if (host_find_byname(&shost, NULL, HOST_FIND_QUALIFY_SINGLE, NULL,
-      FALSE) != HOST_FOUND)
+  if (host_find_byname(&shost, NULL, HOST_FIND_QUALIFY_SINGLE,
+      NULL, FALSE) != HOST_FOUND)
     {
     *errstr = string_sprintf("no IP address found for host %s", shost.name);
     return -1;
index 33329f8..79d083e 100644 (file)
@@ -207,6 +207,7 @@ while ((hostname = string_nextinlist(&listptr, &sep, host_buffer,
     host->address = host->name;
   else
     {
+/*XXX might want dnssec request/require on an iplookup router? */
     int rc = host_find_byname(host, NULL, HOST_FIND_QUALIFY_SINGLE, NULL, TRUE);
     if (rc == HOST_FIND_FAILED || rc == HOST_FIND_AGAIN) continue;
     }
index 37cc023..b2f8b0f 100644 (file)
@@ -3009,6 +3009,7 @@ else
 
     if (helo_verified)
       {
+      /*XXX have sender_host_dnssec */
       HDEBUG(D_receive) debug_printf("matched host name\n");
       }
     else
@@ -3018,6 +3019,7 @@ else
         {
         helo_verified = strcmpic(*aliases++, sender_helo_name) == 0;
         if (helo_verified) break;
+      /*XXX have sender_host_dnssec */
         }
       HDEBUG(D_receive)
         {
@@ -3039,6 +3041,8 @@ else
     h.next = NULL;
     HDEBUG(D_receive) debug_printf("getting IP address for %s\n",
       sender_helo_name);
+/*XXX would like to determine dnssec status here */
+/* need to change to bydns */
     rc = host_find_byname(&h, NULL, 0, NULL, TRUE);
     if (rc == HOST_FOUND || rc == HOST_FOUND_LOCAL)
       {
index 10cef82..506b7e0 100644 (file)
@@ -3245,6 +3245,10 @@ if (*t == 0)
   h.address = NULL;
   h.mx = MX_NONE;
 
+  /* Using byname rather than bydns here means we cannot determine dnssec
+  status.  On the other hand it is unclear how that could be either
+  propagated up or enforced. */
+
   rc = host_find_byname(&h, NULL, HOST_FIND_QUALIFY_SINGLE, NULL, FALSE);
   if (rc == HOST_FOUND || rc == HOST_FOUND_LOCAL)
     {
index 2d0d1ab..b4f06a1 100644 (file)
@@ -117,10 +117,7 @@ expanding: ----> No lookup yet: ${if eq{black}{white}{$sender_host_name}{No}}
    result: ----> No lookup yet: No
 looking up host name for V4NET.0.0.1
 IP address lookup yielded "ten-1.test.ex"
-using host_fake_gethostbyname for ten-1.test.ex (IPv4)
-MUNGED: ::1 will be omitted in what follows
-get[host|ipnode]byname[2] looked up these IP addresses:
-  name=ten-1.test.ex address=V4NET.0.0.1
+ten-1.test.ex V4NET.0.0.1 mx=-1 sort=xx 
 checking addresses for ten-1.test.ex
   V4NET.0.0.1 OK
 sender_fullhost = ten-1.test.ex [V4NET.0.0.1]
@@ -160,13 +157,11 @@ looking up host name for V4NET.0.0.1
 DNS lookup of 1.0.0.V4NET.in-addr.arpa (PTR) using fakens
 DNS lookup of 1.0.0.V4NET.in-addr.arpa (PTR) succeeded
 IP address lookup yielded "ten-1.test.ex"
-using host_fake_gethostbyname for ten-1.test.ex (IPv4)
 DNS lookup of ten-1.test.ex (A) using fakens
 DNS lookup of ten-1.test.ex (A) succeeded
-MUNGED: ::1 will be omitted in what follows
-get[host|ipnode]byname[2] looked up these IP addresses:
-  name=ten-1.test.ex address=V4NET.0.0.1
+ten-1.test.ex V4NET.0.0.1 mx=-1 sort=xx 
 checking addresses for ten-1.test.ex
+Forward DNS security status: unverified
   V4NET.0.0.1 OK
 sender_fullhost = ten-1.test.ex [V4NET.0.0.1]
 sender_rcvhost = ten-1.test.ex ([V4NET.0.0.1])
index ee9c757..dc674fc 100644 (file)
 >>> host in host_lookup? yes (matched "10.250.104.0/21")
 >>> looking up host name for 10.250.104.42
 >>> IP address lookup yielded "manyhome.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=manyhome.test.ex address=10.250.104.0
->>>   name=manyhome.test.ex address=10.250.104.1
->>>   name=manyhome.test.ex address=10.250.104.2
->>>   name=manyhome.test.ex address=10.250.104.3
->>>   name=manyhome.test.ex address=10.250.104.4
->>>   name=manyhome.test.ex address=10.250.104.5
->>>   name=manyhome.test.ex address=10.250.104.6
->>>   name=manyhome.test.ex address=10.250.104.7
->>>   name=manyhome.test.ex address=10.250.104.8
->>>   name=manyhome.test.ex address=10.250.104.9
->>>   name=manyhome.test.ex address=10.250.104.10
->>>   name=manyhome.test.ex address=10.250.104.11
->>>   name=manyhome.test.ex address=10.250.104.12
->>>   name=manyhome.test.ex address=10.250.104.13
->>>   name=manyhome.test.ex address=10.250.104.14
->>>   name=manyhome.test.ex address=10.250.104.15
->>>   name=manyhome.test.ex address=10.250.104.16
->>>   name=manyhome.test.ex address=10.250.104.17
->>>   name=manyhome.test.ex address=10.250.104.18
->>>   name=manyhome.test.ex address=10.250.104.19
->>>   name=manyhome.test.ex address=10.250.104.20
->>>   name=manyhome.test.ex address=10.250.104.21
->>>   name=manyhome.test.ex address=10.250.104.22
->>>   name=manyhome.test.ex address=10.250.104.23
->>>   name=manyhome.test.ex address=10.250.104.24
->>>   name=manyhome.test.ex address=10.250.104.25
->>>   name=manyhome.test.ex address=10.250.104.26
->>>   name=manyhome.test.ex address=10.250.104.27
->>>   name=manyhome.test.ex address=10.250.104.28
->>>   name=manyhome.test.ex address=10.250.104.29
->>>   name=manyhome.test.ex address=10.250.104.30
->>>   name=manyhome.test.ex address=10.250.104.31
->>>   name=manyhome.test.ex address=10.250.104.32
->>>   name=manyhome.test.ex address=10.250.104.33
->>>   name=manyhome.test.ex address=10.250.104.34
->>>   name=manyhome.test.ex address=10.250.104.35
->>>   name=manyhome.test.ex address=10.250.104.36
->>>   name=manyhome.test.ex address=10.250.104.37
->>>   name=manyhome.test.ex address=10.250.104.38
->>>   name=manyhome.test.ex address=10.250.104.39
->>>   name=manyhome.test.ex address=10.250.104.40
->>>   name=manyhome.test.ex address=10.250.104.41
->>>   name=manyhome.test.ex address=10.250.104.42
->>>   name=manyhome.test.ex address=10.250.104.43
->>>   name=manyhome.test.ex address=10.250.104.44
->>>   name=manyhome.test.ex address=10.250.104.45
->>>   name=manyhome.test.ex address=10.250.104.46
->>>   name=manyhome.test.ex address=10.250.104.47
->>>   name=manyhome.test.ex address=10.250.104.48
->>>   name=manyhome.test.ex address=10.250.104.49
->>>   name=manyhome.test.ex address=10.250.104.50
->>>   name=manyhome.test.ex address=10.250.104.51
->>>   name=manyhome.test.ex address=10.250.104.52
->>>   name=manyhome.test.ex address=10.250.104.53
->>>   name=manyhome.test.ex address=10.250.104.54
->>>   name=manyhome.test.ex address=10.250.104.55
->>>   name=manyhome.test.ex address=10.250.104.56
->>>   name=manyhome.test.ex address=10.250.104.57
->>>   name=manyhome.test.ex address=10.250.104.58
->>>   name=manyhome.test.ex address=10.250.104.59
->>>   name=manyhome.test.ex address=10.250.104.60
->>>   name=manyhome.test.ex address=10.250.104.61
->>>   name=manyhome.test.ex address=10.250.104.62
 >>> checking addresses for manyhome.test.ex
->>>   10.250.104.0
->>>   10.250.104.1
+>>>   10.250.104.51
+>>>   10.250.104.17
 >>>   10.250.104.2
->>>   10.250.104.3
->>>   10.250.104.4
->>>   10.250.104.5
->>>   10.250.104.6
->>>   10.250.104.7
+>>>   10.250.104.26
 >>>   10.250.104.8
->>>   10.250.104.9
->>>   10.250.104.10
->>>   10.250.104.11
->>>   10.250.104.12
->>>   10.250.104.13
->>>   10.250.104.14
->>>   10.250.104.15
->>>   10.250.104.16
->>>   10.250.104.17
 >>>   10.250.104.18
->>>   10.250.104.19
->>>   10.250.104.20
+>>>   10.250.104.25
 >>>   10.250.104.21
->>>   10.250.104.22
+>>>   10.250.104.39
+>>>   10.250.104.32
+>>>   10.250.104.29
 >>>   10.250.104.23
->>>   10.250.104.24
->>>   10.250.104.25
->>>   10.250.104.26
->>>   10.250.104.27
+>>>   10.250.104.43
+>>>   10.250.104.46
 >>>   10.250.104.28
->>>   10.250.104.29
->>>   10.250.104.30
->>>   10.250.104.31
->>>   10.250.104.32
->>>   10.250.104.33
->>>   10.250.104.34
->>>   10.250.104.35
->>>   10.250.104.36
->>>   10.250.104.37
->>>   10.250.104.38
->>>   10.250.104.39
->>>   10.250.104.40
+>>>   10.250.104.4
 >>>   10.250.104.41
+>>>   10.250.104.15
+>>>   10.250.104.14
+>>>   10.250.104.45
 >>>   10.250.104.42 OK
 >>> host in host_reject_connection? no (option unset)
 >>> host in sender_unqualified_hosts? no (option unset)
index 7da3739..b05f70f 100644 (file)
@@ -1089,14 +1089,8 @@ LOG: H=[28.28.28.28] F=<a@baddomain> rejected RCPT <x@y>
 >>> looking up host name for V4NET.0.0.3
 >>> IP address lookup yielded "ten-3.test.ex"
 >>>   alias "ten-3-alias.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-3.test.ex address=V4NET.0.0.3
 >>> checking addresses for ten-3.test.ex
 >>>   V4NET.0.0.3 OK
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-3-alias.test.ex address=V4NET.0.0.3
 >>> checking addresses for ten-3-alias.test.ex
 >>>   V4NET.0.0.3 OK
 >>> require: condition test succeeded in ACL "acl_V4NET_0_0"
@@ -1139,6 +1133,7 @@ LOG: H=[V4NET.0.0.97] F=<> rejected RCPT <x@y>: host lookup failed for reverse l
 >>> looking up host name for V4NET.99.99.96
 >>> IP address lookup yielded "x.test.again.dns"
 >>> x.test.again.dns in dns_again_means_nonexist? no (option unset)
+>>> x.test.again.dns in dns_again_means_nonexist? no (option unset)
 >>> temporary error for host name lookup
 >>> accept: condition test deferred in ACL "acl_V4NET_99_99"
 LOG: H=[V4NET.99.99.96] F=<> temporarily rejected RCPT <x@y>: host lookup deferred for reverse lookup check
@@ -1159,6 +1154,7 @@ LOG: H=[V4NET.99.99.96] F=<> temporarily rejected RCPT <x@y>: host lookup deferr
 >>> looking up host name for V4NET.99.99.96
 >>> IP address lookup yielded "x.test.again.dns"
 >>> x.test.again.dns in dns_again_means_nonexist? no (option unset)
+>>> x.test.again.dns in dns_again_means_nonexist? no (option unset)
 >>> temporary error for host name lookup
 >>> accept: condition test succeeded in ACL "acl_V4NET_99_99"
 >>> end of ACL "acl_V4NET_99_99": ACCEPT
index 936b696..6bd2424 100644 (file)
@@ -29,9 +29,6 @@
 >>> sender host name required, to match against *-2.test.ex
 >>> looking up host name for V4NET.0.0.1
 >>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-1.test.ex address=V4NET.0.0.1
 >>> checking addresses for ten-1.test.ex
 >>>   V4NET.0.0.1 OK
 >>> host in "*-2.test.ex : *-3-alias.test.ex"? no (end of list)
@@ -78,9 +75,6 @@ LOG: 10HmaX-0005vi-00 <= userx@somehost.example.com H=ten-1.test.ex [V4NET.0.0.1
 >>> sender host name required, to match against *-2.test.ex
 >>> looking up host name for V4NET.0.0.2
 >>> IP address lookup yielded "ten-2.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-2.test.ex address=V4NET.0.0.2
 >>> checking addresses for ten-2.test.ex
 >>>   V4NET.0.0.2 OK
 >>> host in "*-2.test.ex : *-3-alias.test.ex"? yes (matched "*-2.test.ex")
@@ -124,14 +118,8 @@ LOG: 10HmaY-0005vi-00 <= userx@somehost.example.com H=ten-2.test.ex [V4NET.0.0.2
 >>> looking up host name for V4NET.0.0.3
 >>> IP address lookup yielded "ten-3.test.ex"
 >>>   alias "ten-3-alias.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-3.test.ex address=V4NET.0.0.3
 >>> checking addresses for ten-3.test.ex
 >>>   V4NET.0.0.3 OK
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-3-alias.test.ex address=V4NET.0.0.3
 >>> checking addresses for ten-3-alias.test.ex
 >>>   V4NET.0.0.3 OK
 >>> host in "*-2.test.ex : *-3-alias.test.ex"? yes (matched "*-3-alias.test.ex")
index a32d699..b2dddb9 100644 (file)
@@ -29,9 +29,6 @@
 >>> sender host name required, to match against ^[^\d]+2
 >>> looking up host name for V4NET.0.0.1
 >>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-1.test.ex address=V4NET.0.0.1
 >>> checking addresses for ten-1.test.ex
 >>>   V4NET.0.0.1 OK
 >>> host in "^[^\d]+2"? no (end of list)
@@ -74,9 +71,6 @@ LOG: 10HmaX-0005vi-00 <= userx@somehost.example.com H=ten-1.test.ex [V4NET.0.0.1
 >>> sender host name required, to match against ^[^\d]+2
 >>> looking up host name for V4NET.0.0.2
 >>> IP address lookup yielded "ten-2.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-2.test.ex address=V4NET.0.0.2
 >>> checking addresses for ten-2.test.ex
 >>>   V4NET.0.0.2 OK
 >>> host in "^[^\d]+2"? yes (matched "^[^\d]+2")
index 82b68bb..179cd8b 100644 (file)
@@ -29,9 +29,6 @@
 >>> sender host name required, to match against lsearch;TESTSUITE/aux-fixed/0064.hosts
 >>> looking up host name for V4NET.0.0.1
 >>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-1.test.ex address=V4NET.0.0.1
 >>> checking addresses for ten-1.test.ex
 >>>   V4NET.0.0.1 OK
 >>> host in "lsearch;TESTSUITE/aux-fixed/0064.hosts"? no (end of list)
@@ -74,9 +71,6 @@ LOG: 10HmaX-0005vi-00 <= userx@somehost.example.com H=ten-1.test.ex [V4NET.0.0.1
 >>> sender host name required, to match against lsearch;TESTSUITE/aux-fixed/0064.hosts
 >>> looking up host name for V4NET.0.0.2
 >>> IP address lookup yielded "ten-2.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-2.test.ex address=V4NET.0.0.2
 >>> checking addresses for ten-2.test.ex
 >>>   V4NET.0.0.2 OK
 >>> host in "lsearch;TESTSUITE/aux-fixed/0064.hosts"? yes (matched "lsearch;TESTSUITE/aux-fixed/0064.hosts")
index de0821a..55973c8 100644 (file)
@@ -280,9 +280,6 @@ MUNGED: ::1 will be omitted in what follows
 >>> sender host name required, to match against *-1.test.ex
 >>> looking up host name for V4NET.0.0.1
 >>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-1.test.ex address=V4NET.0.0.1
 >>> checking addresses for ten-1.test.ex
 >>>   V4NET.0.0.1 OK
 >>> host in "!TESTSUITE/aux-fixed/0066.nothosts : TESTSUITE/aux-var/0066.hostnets"? yes (matched "*-1.test.ex" in TESTSUITE/aux-var/0066.hostnets)
index 9008167..0af08ea 100644 (file)
@@ -4,9 +4,6 @@
 >>> sender host name required, to match against ^ten-1\.test\.ex
 >>> looking up host name for V4NET.0.0.1
 >>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-1.test.ex address=V4NET.0.0.1
 >>> checking addresses for ten-1.test.ex
 >>>   V4NET.0.0.1 OK
 >>> host in sender_unqualified_hosts? yes (matched "^ten-1\.test\.ex")
index 0453d22..2bf1e9c 100644 (file)
@@ -106,9 +106,6 @@ MUNGED: ::1 will be omitted in what follows
 >>> verifying EHLO/HELO argument "ten-1.test.ex"
 >>> looking up host name for V4NET.0.0.1
 >>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-1.test.ex address=V4NET.0.0.1
 >>> checking addresses for ten-1.test.ex
 >>>   V4NET.0.0.1 OK
 >>> matched host name
@@ -130,14 +127,8 @@ MUNGED: ::1 will be omitted in what follows
 >>> looking up host name for V4NET.0.0.3
 >>> IP address lookup yielded "ten-3.test.ex"
 >>>   alias "ten-3-alias.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-3.test.ex address=V4NET.0.0.3
 >>> checking addresses for ten-3.test.ex
 >>>   V4NET.0.0.3 OK
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-3-alias.test.ex address=V4NET.0.0.3
 >>> checking addresses for ten-3-alias.test.ex
 >>>   V4NET.0.0.3 OK
 >>> matched host name
@@ -164,9 +155,6 @@ MUNGED: ::1 will be omitted in what follows
 >>> verifying EHLO/HELO argument "rhubarb"
 >>> looking up host name for V4NET.0.0.1
 >>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-1.test.ex address=V4NET.0.0.1
 >>> checking addresses for ten-1.test.ex
 >>>   V4NET.0.0.1 OK
 >>> getting IP address for rhubarb
index bacb291..00b552e 100644 (file)
@@ -50,9 +50,6 @@ LOG: H=(abc_xyz) [V4NET.0.0.0] F=<userx@cus.cam.ac.uk> rejected RCPT <userx@else
 >>> sender host name required, to match against *N-99.test.EX
 >>> looking up host name for V4NET.0.0.99
 >>> IP address lookup yielded "ten-99.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-99.test.ex address=V4NET.0.0.99
 >>> checking addresses for ten-99.test.ex
 >>>   V4NET.0.0.99 OK
 >>> host in sender_unqualified_hosts? yes (matched "*N-99.test.EX")
index b9249cc..5ab7516 100644 (file)
@@ -33,9 +33,6 @@ LOG: H=[V4NET.11.12.13] F=<userx@cam.ac.uk> rejected RCPT <userx@cam.ac.uk>: rel
 >>> host in host_lookup? yes (matched "0.0.0.0/0")
 >>> looking up host name for V4NET.0.0.1
 >>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-1.test.ex address=V4NET.0.0.1
 >>> checking addresses for ten-1.test.ex
 >>>   V4NET.0.0.1 OK
 >>> host in host_reject_connection? no (option unset)
@@ -87,21 +84,17 @@ DNS lookup of 90.99.99.V4NET.in-addr.arpa (PTR) using fakens
 DNS lookup of 90.99.99.V4NET.in-addr.arpa (PTR) succeeded
 IP address lookup yielded "oneback.test.ex"
   alias "host1.masq.test.ex"
-using host_fake_gethostbyname for oneback.test.ex (IPv4)
 DNS lookup of oneback.test.ex (A) using fakens
 DNS lookup of oneback.test.ex (A) succeeded
-MUNGED: ::1 will be omitted in what follows
-get[host|ipnode]byname[2] looked up these IP addresses:
-  name=oneback.test.ex address=V4NET.99.99.90
+oneback.test.ex V4NET.99.99.90 mx=-1 sort=xx 
 checking addresses for oneback.test.ex
+Forward DNS security status: unverified
   V4NET.99.99.90 OK
-using host_fake_gethostbyname for host1.masq.test.ex (IPv4)
 DNS lookup of host1.masq.test.ex (A) using fakens
 DNS lookup of host1.masq.test.ex (A) succeeded
-MUNGED: ::1 will be omitted in what follows
-get[host|ipnode]byname[2] looked up these IP addresses:
-  name=host1.masq.test.ex address=V4NET.90.90.90
+host1.masq.test.ex V4NET.90.90.90 mx=-1 sort=xx 
 checking addresses for host1.masq.test.ex
+Forward DNS security status: unverified
   V4NET.90.90.90
 no IP address for host1.masq.test.ex matched V4NET.99.99.90
 sender_fullhost = oneback.test.ex [V4NET.99.99.90]
index 3f90c7c..02f42e0 100644 (file)
@@ -9,9 +9,6 @@
 >>> myhost.test.ex in helo_lookup_domains? yes (matched "@")
 >>> looking up host name for V4NET.0.0.1
 >>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-1.test.ex address=V4NET.0.0.1
 >>> checking addresses for ten-1.test.ex
 >>>   V4NET.0.0.1 OK
 >>> host in hosts_connection_nolog? no (option unset)
@@ -25,9 +22,6 @@ MUNGED: ::1 will be omitted in what follows
 >>> [127.0.0.1] in helo_lookup_domains? yes (matched "@[]")
 >>> looking up host name for V4NET.0.0.1
 >>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-1.test.ex address=V4NET.0.0.1
 >>> checking addresses for ten-1.test.ex
 >>>   V4NET.0.0.1 OK
 >>> host in dsn_advertise_hosts? no (option unset)
index d8aca4e..244f96c 100644 (file)
@@ -33,9 +33,6 @@ LOG: no host name found for IP address V4NET.0.0.97
 >>> sender host name required, to match against *.test.ex
 >>> looking up host name for V4NET.0.0.1
 >>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=ten-1.test.ex address=V4NET.0.0.1
 >>> checking addresses for ten-1.test.ex
 >>>   V4NET.0.0.1 OK
 >>> host in "*.test.ex"? yes (matched "*.test.ex")
index a24ef41..d5e9ee6 100644 (file)
@@ -39,21 +39,17 @@ DNS lookup of 97.99.99.V4NET.in-addr.arpa (PTR) using fakens
 DNS lookup of 97.99.99.V4NET.in-addr.arpa (PTR) succeeded
 IP address lookup yielded "x.gov.uk.test.ex"
   alias "x.co.uk.test.ex"
-using host_fake_gethostbyname for x.gov.uk.test.ex (IPv4)
 DNS lookup of x.gov.uk.test.ex (A) using fakens
 DNS lookup of x.gov.uk.test.ex (A) succeeded
-MUNGED: ::1 will be omitted in what follows
-get[host|ipnode]byname[2] looked up these IP addresses:
-  name=x.gov.uk.test.ex address=V4NET.99.99.97
+x.gov.uk.test.ex V4NET.99.99.97 mx=-1 sort=xx 
 checking addresses for x.gov.uk.test.ex
+Forward DNS security status: unverified
   V4NET.99.99.97 OK
-using host_fake_gethostbyname for x.co.uk.test.ex (IPv4)
 DNS lookup of x.co.uk.test.ex (A) using fakens
 DNS lookup of x.co.uk.test.ex (A) succeeded
-MUNGED: ::1 will be omitted in what follows
-get[host|ipnode]byname[2] looked up these IP addresses:
-  name=x.co.uk.test.ex address=V4NET.99.99.97
+x.co.uk.test.ex V4NET.99.99.97 mx=-1 sort=xx 
 checking addresses for x.co.uk.test.ex
+Forward DNS security status: unverified
   V4NET.99.99.97 OK
 sender_fullhost = x.gov.uk.test.ex [V4NET.99.99.97]
 sender_rcvhost = x.gov.uk.test.ex ([V4NET.99.99.97] ident=CALLER)
index 6caf2cd..efd8de9 100644 (file)
@@ -22,9 +22,6 @@ LOG: H=[2001:0ab8:037f:0020:0000:0000:0000:0001] Warning: matched hostlist
 >>> host in host_lookup? yes (matched "*")
 >>> looking up host name for V6NET:1234:0005:0006:0007:0008:0abc:000d
 >>> IP address lookup yielded "test3.ipv6.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>>   name=test3.ipv6.test.ex address=V6NET:1234:5:6:7:8:abc:d
 >>> checking addresses for test3.ipv6.test.ex
 >>>   V6NET:1234:5:6:7:8:abc:d OK
 >>> host in host_reject_connection? no (option unset)
index 2669d93..043e995 100644 (file)
@@ -46,13 +46,12 @@ looking up host name for ip4.ip4.ip4.ip4
 DNS lookup of ip4-reverse.in-addr.arpa (PTR) using fakens
 DNS lookup of ip4-reverse.in-addr.arpa (PTR) succeeded
 IP address lookup yielded "the.local.host.name"
-using host_fake_gethostbyname for the.local.host.name (IPv4)
 DNS lookup of the.local.host.name (A) using fakens
 DNS lookup of the.local.host.name (A) succeeded
-MUNGED: ::1 will be omitted in what follows
-get[host|ipnode]byname[2] looked up these IP addresses:
-  name=the.local.host.name address=ip4.ip4.ip4.ip4
+local host found for non-MX address
+the.local.host.name ip4.ip4.ip4.ip4 mx=-1 sort=xx 
 checking addresses for the.local.host.name
+Forward DNS security status: unverified
   ip4.ip4.ip4.ip4 OK
 sender_fullhost = the.local.host.name [ip4.ip4.ip4.ip4]
 sender_rcvhost = the.local.host.name ([ip4.ip4.ip4.ip4])