}
else
{
- DEBUG(D_dns) debug_printf("fakens (%s) not found\n", utilname);
+ DEBUG(D_dns) debug_printf("fakens (%s) not found\n", utilname);
}
/* fakens utility not found, or it returned "pass on" */
)
&& (rc = tlsa_lookup(host, &tlsa_dnsa, dane_required, &dane)) != OK
)
- return rc;
+ {
+ set_errno(addrlist, ERRNO_DNSDEFER,
+ string_sprintf("DANE error: tlsa lookup %s",
+ rc == DEFER ? "DEFER" : "FAIL"),
+ rc, FALSE, NULL);
+ return rc;
+ }
}
else if (dane_required)
{
- log_write(0, LOG_MAIN, "DANE error: %s lookup not DNSSEC", host->name);
- return FAIL;
+ set_errno(addrlist, ERRNO_DNSDEFER,
+ string_sprintf("DANE error: %s lookup not DNSSEC", host->name),
+ FAIL, FALSE, NULL);
+ return FAIL;
}
if (dane)
case, see if any of them are deferred. */
if (rc == OK)
- {
- for (addr = addrlist; addr != NULL; addr = addr->next)
- {
+ for (addr = addrlist; addr; addr = addr->next)
if (addr->transport_return == DEFER)
{
some_deferred = TRUE;
break;
}
- }
- }
/* If no addresses deferred or the result was ERROR, return. We do this for
ERROR because a failing filter set-up or add_headers expansion is likely to
; ------- Testing DANE ------------
; full suite dns chain, sha512
-DNSSEC mxdane512ee MX 1 dane512ee.
-DNSSEC dane512ee A HOSTIPV4
+DNSSEC mxdane512ee MX 1 dane512ee
+DNSSEC dane512ee A HOSTIPV4
DNSSEC _1225._tcp.dane512ee TLSA 3 1 2 3d5eb81b1dfc3f93c1fa8819e3fb3fdb41bb590441d5f3811db17772f4bc6de29bdd7c4f4b723750dda871b99379192b3f979f03db1252c4f08b03ef7176528d
; A-only, sha256
-DNSSEC dane256ee A HOSTIPV4
+DNSSEC dane256ee A HOSTIPV4
DNSSEC _1225._tcp.dane256ee TLSA 3 1 1 2bb55f418bb03411a5007cecbfcd3ec1c94404312c0d53a44bb2166b32654db3
; full MX, sha256, TA-mode
-DNSSEC mxdane256ta MX 1 dane256ta.
-DNSSEC dane256ta A HOSTIPV4
+DNSSEC mxdane256ta MX 1 dane256ta
+DNSSEC dane256ta A HOSTIPV4
DNSSEC _1225._tcp.dane256ta TLSA 2 0 1 b2c6f27f2d16390b4f71cacc69742bf610d750534fab240516c0f2deb4042ad4
+; ------- Testing DANE ------------
+
+; full suite dns chain, sha512
+DNSSEC mxdanelazy MX 1 danelazy
+DNSSEC mxdanelazy MX 2 danelazy2
+
+DNSSEC danelazy A HOSTIPV4
+DNSSEC danelazy2 A 127.0.0.1
+
+DNSSEC _1225._tcp.danelazy CNAME test.again.dns.
+DNSSEC _1225._tcp.danelazy2 CNAME test.again.dns.
+
; ------- Testing delays ------------
DELAY=500 delay500 A HOSTIPV4
1999-03-02 09:44:33 10HmbF-0005vi-00 => CALLER@thishost.test.ex R=client T=send_to_server H=thishost.test.ex [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbG-0005vi-00"
1999-03-02 09:44:33 10HmbF-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@mxdanelazy.test.ex
+1999-03-02 09:44:33 Start queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmbH-0005vi-00 H=danelazy.test.ex [ip4.ip4.ip4.ip4]: DANE error: tlsa lookup DEFER
+1999-03-02 09:44:33 10HmbH-0005vi-00 H=danelazy2.test.ex [127.0.0.1]: DANE error: tlsa lookup DEFER
+1999-03-02 09:44:33 10HmbH-0005vi-00 == CALLER@mxdanelazy.test.ex R=client T=send_to_server defer (-36): DANE error: tlsa lookup DEFER
+1999-03-02 09:44:33 End queue run: pid=pppp -qf
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmbF-0005vi-00@myhost.test.ex for CALLER@thishost.test.ex
1999-03-02 09:44:33 10HmbG-0005vi-00 => :blackhole: <CALLER@thishost.test.ex> R=server
1999-03-02 09:44:33 10HmbG-0005vi-00 Completed
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
****
killdaemon
#
+#
+# A server with two MXs for which both TLSA lookups return defer
+exim -DSERVER=server -DDETAILS=ee -bd -oX PORT_D
+****
+# TLSA (3 1 2)
+exim -odq CALLER@mxdanelazy.test.ex
+Testing
+****
+exim -qf
+****
+killdaemon
+no_msglog_check
projects / exim.git / commitdiff