Mailing List Archive

[Bug 2972] ACL check "!verify = reverse host lookup" gives error
https://bugs.exim.org/show_bug.cgi?id=2972

--- Comment #3 from Jeremy Harris <jgh146exb@wizmail.org> ---
The lack of the '!' and '=' in the error log line can be ignored.
The log line is not the config line; it only refers to it.

However, the issuing of those log lines does show there was a problem.
I'm having a hard time seeing how, though. This report is the first
such I've heard.

The second variant could be a filesystem bug, but that sort of thing
would be making your system unusable in many different ways.

I suppose it could be induced by an overwrite of an old config file,
which was halfway done just as a re-exec of the exim binary happened
(Exim does that, to regain permissions, during message delivery processing).
The solution to that is to *rename* the new file into place instead.

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

--- Comment #1 from Jeremy Harris <jgh146exb@wizmail.org> ---
> An ACL with the following lines gives some strange and hard to predict error:
>
> warn log_message = [ACL_MAIL_UNAUTHED] Reverse DNS lookup failed
> !verify = reverse_host_lookup
> set acl_m_reject = true
> add_header = X-SPAM-REVERSE-DNS-LOOKUP: failed
>
>
> There are 2 different versions of the error. For the precise text above
> currently the error is only received when actually processing an incoming
> mail:
>
> X=TLS1.3:TLS_AES_256_GCM_SHA384:256 CV=no temporarily rejected MAIL
> <XXXXX@XXXXX.XX>: expected "sender[=address]", "recipient", "helo",
> "header_syntax", "header_sender", "header_names_ascii" or
> "reverse_host_lookup" at start of ACL condition "verify  reverse_host_lookup"

You didn't show the bit of config actually producing that logged error...
but why do you think it's a bug and not a real verification-fail?

> This is literally copied from journald. The '=' is suddenly missing. In the
> config file, it exists.

What '=' where?

>
> Before I got a different error, when starting up exim. Same line. A minor
> different ACL check. The old check was:
>
> warn log_message = ACL_MAIL_UNAUTHED: Reverse DNS lookup failed.
> !verify = reverse_host_lookup
> set acl_m_reject = true
> add_header = X-SPAM-REVERSE-DNS-LOOKUP: failed
>
> The error was:
> [2/2] error in ACL: "=" missing after ACL "verify" condition
> [1\2] 2023-01-12 16:53:36.247 [18255] Exim configuration error in line 137
> of /etc/mail/exim.conf:
> error in ACL: "=" missing after ACL "verify" condition

Did you check the exact line number?
Are you certain that the exim process concerned was using the file
you investigated, and not some older edit, due to a lack of service-reload
(or restart)?

>
> Now I commented those lines, everything else is working fine. I have 8
> checks in this ACL. They are all in a similar structure. Among others I have
> !verify = helo
> !verify = csa
> !verify = sender/callout=10s,fullpostmaster
> in the same ACL and they don't throw any error.


--- Comment #2 from ente@ck76.de ---
> > warn log_message = [ACL_MAIL_UNAUTHED] Reverse DNS lookup failed
> > !verify = reverse_host_lookup
> > set acl_m_reject = true
> > add_header = X-SPAM-REVERSE-DNS-LOOKUP: failed
> >
>
> You didn't show the bit of config actually producing that logged error...
> but why do you think it's a bug and not a real verification-fail?

see above. Those are the only lines having "reverse_host_lookup". So either the
error message is misleading or those are the lines creating the error.

> What '=' where?

The config contains an '='. The config actually also has a '!' before verify.
The error text in journald misses both: "verify reverse_host_lookup".


> Did you check the exact line number?
> Are you certain that the exim process concerned was using the file
> you investigated, and not some older edit, due to a lack of service-reload
> (or restart)?

Yes. I had to learn that nano jumps to line using <CTRL>+<SHIFT>+_. Yes, this
error was thrown after service restart. Actually this error has been bugging me
for 2 days. But I had better things to do than creating an account on some website
only to report an error.

That error jumped lines while I was editing the file. Actually I edit the
original on my desktop before copying over to the server. On my desktop those
lines had been activated until this morning. So I received that error like 10
times with different line numbers and whenever I jumped to that line, it has
been exactly the same "reverse_host_lookup" check. And yes, the error occurred
when I restarted exim.

The adjusted version at the beginning of my bug report is a result of trying to
fix the issue. The ACL is named "acl_mail_unauthed". So I thought maybe exim
has an issue when parsing my log message, which repeats the acl name (in
capital letters tho) followed by a colon as well. So I adjusted all my ACLs to
put the acl name in parenthesis. This made the error on exim startup go away
but now I get the other error when processing mail.


--- Comment #4 from ente@ck76.de ---
(In reply to Jeremy Harris from comment #3)
> The lack of the '!' and '=' in the error log line can be ignored.
> The log line is not the config line; it only refers to it.
>
> However, the issuing of those log lines does show there was a problem.
> I'm having a hard time seeing how, though. This report is the first
> such I've heard.
>
> The second variant could be a filesystem bug, but that sort of thing
> would be making your system unusable in many different ways.
>
> I suppose it could be induced by an overwrite of an old config file,
> which was halfway done just as a re-exec of the exim binary happened
> (Exim does that, to regain permissions, during message delivery processing).
> The solution to that is to *rename* the new file into place instead.

I was able to reproduce the issue several times. There can't be an issue that
happens randomly. Also I am in the middle of nowhere with a very bad internet
connection. My server definitely saves the file faster than I can restart a
server. Keystrokes on my SSH connection take up to 3 seconds to be recognized!
Unfortunately I am not sure how fast I will be able to provide additional
information.

Can I send you my full config to your mail address and be assured that it won't
be published anywhere? I guess that's the best way to find out. Once you can
reproduce the issue, you will be able to find the cause.


--- Comment #5 from Jeremy Harris <jgh146exb@wizmail.org> ---
Jasen suggested checking for nonprinting chars in the source.

Apart from that, "exim -bP config_file" to check you're running the file
you think, and if you're editing on a different machine to running,
checksum the file before and after moving it (and avoid Windows; it's
liable to put non-Unix line endings in).
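
The checks suggested in comments #3 and #5 (checksum the file after transfer, look for non-printing characters and non-Unix line endings, rename the new file into place) can be combined into one install step. This is an added example, not part of the thread or of Exim; the function names `scan_conf` and `install_conf`, the temporary-file name and the 0644 mode are assumptions, and the scan assumes an ASCII-only config.

```shell
#!/bin/sh
# Added example: pre-flight checks before installing an Exim config.
# scan_conf / install_conf are hypothetical helper names.

# scan_conf FILE
# Print "LINE:reason" for each line holding a carriage return or a byte
# outside printable ASCII and tab. Exit status 1 if anything was found.
scan_conf() {
    LC_ALL=C awk '
        /\r/          { print NR ":carriage-return";   bad = 1 }
        /[^ -~\t\r]/  { print NR ":non-printing-byte"; bad = 1 }
        END           { exit bad }
    ' "$1"
}

# install_conf SRC DEST EXPECTED_SHA256
# EXPECTED_SHA256 is the checksum taken on the editing machine.
# Returns 2 on checksum mismatch, 3 on suspicious bytes, 4 on I/O failure.
install_conf() {
    src=$1 dest=$2 want=$3

    got=$(sha256sum < "$src" | cut -d' ' -f1)
    [ "$got" = "$want" ] || { echo "checksum mismatch: $src" >&2; return 2; }

    scan_conf "$src" >&2 || { echo "suspicious bytes in $src" >&2; return 3; }

    # Write the copy beside DEST, then rename it. A rename within one
    # directory is atomic, so an exim re-exec sees either the old file
    # or the complete new one, never a half-written overwrite.
    tmp=$(mktemp "$(dirname "$dest")/.exim.conf.XXXXXX") || return 4
    # mktemp creates the file 0600; 0644 is an assumption, adjust locally.
    cp "$src" "$tmp" && chmod 0644 "$tmp" && mv -f "$tmp" "$dest" ||
        { rm -f "$tmp"; return 4; }
}

# Usage: sh install-exim-conf.sh NEW_FILE /etc/mail/exim.conf SHA256
if [ "$#" -eq 3 ]; then
    install_conf "$@"
fi
```

After the install, `exim -bP config_file` (from comment #5) confirms which file the running binary actually reads.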
