
Re: exim, local resolver, host name lookups and IPv6

On 2008-04-12, Marc Haber <mh+debian-devel@zugschlus.de> wrote:
> On Fri, 11 Apr 2008 17:48:19 +0000 (UTC), Robert Edmonds
><edmonds@debian.org> wrote:
>>Yes, there is a much better way: do not perform name resolution to
>>determine the host's FQDN.  It is wrong.
> This is what exim does to determine the local host name:
>|This variable contains the value set by primary_hostname in the
>|    configuration file, or read by the uname() function. If uname() returns a
>|    single-component name, Exim calls gethostbyname() (or getipnodebyname()
>|    where available) in an attempt to acquire a fully qualified host name. See
>|    also $smtp_active_hostname.
> Is this broken?

IMO, yes: the nodename returned by uname() may have nothing to do with
information in the DNS.

I haven't looked at the exact sequence of calls exim makes, but a common
one is:

    1) obtain the hostname via uname() or gethostname()

    2) obtain the IP address corresponding to this hostname by calling

    3) obtain the "fully qualified" hostname by calling gethostbyaddr()
    on this IP address

This is somewhat damaged especially if the gethost* calls result in DNS
lookups for some reason, because the information in DNS could be under a
completely separate administrative domain.

Another problem is insisting that a "single-component name" isn't fully
qualified is wrong, too.  E.g., "ai" is a fully-qualified Internet mail

    edmonds@chase{0}:~$ dig +short mx ai          
    10 mail.offshore.ai.

> But this documentation is kind of incorrect in the first place, since
> the AAAA lookup I see is caused by a call to gethostbyname_2_, which
> is not mentioned in the docs at all. Thankfully, gethostbyname2 is
> used in exim's source code only twice (with one of the occurrences
> being inside an if( primary_hostname == NULL ) which doesn't apply if
> primary_hostname is set in configuration, which is the case if exim is
> configured with the minimaldns option). So, the AAAA lookup must be
> triggered by the gethostbyname2 call in host.c line 1969, which I have
> not yet fully understood. Can some more experienced C programmer
> comment on this part of the code?
>>  The MTA needs to know the
>>"mail name" or FQDN of the system, and it may need to know specific IPv4
>>or IPv6 addresses to bind to if it is running an SMTP server, but it
>>does not need to know any particular mapping between the two.
> Where can I obtain the FQDN of the system instead?

Perhaps by asking the user at installation/configuration time, and
storing this information in some sort of file that stores the, erm,
"mail name" of the system :)

> Don't I need the particular mapping between IP addresses and host
> names to generate a proper HELO? But I wouldn't expect these lookups
> to be made at startup, but only when an outgoing message is sent.


>>It looks like there are functions in src/host.c for performing DNS-based
>>determination of the system's FQDN.  I don't know exactly under which
>>circumstances these functions are invoked, but policy 11.6 implies that
>>they are superfluous in the presence of the /etc/mailname file.
> /etc/mailname is unfortunately unclearly defined in Policy, and IIRC
> the policy editors refused to clarify when asked years ago. The exim 4
> maintainers have then created http://wiki.debian.org/EtcMailName and
> asked all MTA maintainers to comment how they use /etc/mailname, but
> only a fraction of them bothered to comment.
> Exim 4 only uses /etc/mailname to qualify unqualified recipient
> addresses and for some rewriting tricks. This has been the cause of
> unspeakable grief in the past so I do prefer to avoid touching this
> particular part of the system.
>>I don't see how this issue is analogous to the hack.  From
>>reading the archived discussion[0], the problem is applications which
>>use a sequence of legacy gethostname(), gethostbyname(), etc. calls to
>>construct an FQDN, and avoiding accidentally using 'localhost' or
>>'localhost.localdomain' as the system hostname.  If you're using the
>>newer getipnode* functions, it's possible that you'll get an AI_V4MAPPED
>>address even when asking for an AF_INET6 address.
> It looks to me that the getipnode* functions are not available in
> current Debian based on glibc 2.7.

Yes, sorry.  I meant the getaddrinfo() function.

>>The analogous IPv6 hack, btw, would be something atrocious in /etc/hosts
>>::ffff: hostname.domainname
> I'll try that.

Is there a bug report open where this is being discussed?

>>> Any hints will be appreciated.
>>IME, nullmailer and postfix seem to get along fine without generating
>>spurious DNS traffic, so
>>#include <flame/default/mta.h>
> So please make postfix the default MTA for lenny and have exim
> removed. It obviously sucks as badly as its maintainer. I'm _soooo_
> sick of that.

Actually, I wonder if it's time for the semi-annual "do modern Linux
systems need MTAs installed by default" argument.

Robert Edmonds
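
An added example, not part of the original message and not exim's code: one way to take the system's mail name from a locally administered file (the caller passes the path, e.g. /etc/mailname) and fall back to the bare uname() nodename, without any gethostbyname()/gethostbyaddr() call. The function names and the validation rules are assumptions made for this example.

```c
/* Added example (hypothetical names): mail name from local config, never DNS. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <sys/utsname.h>

/* Accept only letters, digits, '-' and '.', with no empty labels.
 * A single label (e.g. "ai") is accepted: it can be a valid mail domain. */
static int valid_mail_name(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > 253 || s[0] == '.' || s[0] == '-')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '-' && c != '.')
            return 0;
        if (c == '.' && s[i + 1] == '.')
            return 0;
    }
    return 1;
}

/* Returns 0 if the name came from the file, 1 if it fell back to the
 * uname() nodename, -1 on failure. No resolver call is made on any path,
 * so data held in someone else's DNS zone cannot change the result. */
int local_mail_name(const char *path, char *out, size_t outlen)
{
    char line[256];
    FILE *f = fopen(path, "r");
    if (f != NULL) {
        char *got = fgets(line, sizeof line, f);
        fclose(f);
        if (got != NULL) {
            line[strcspn(line, " \t\r\n")] = '\0';   /* first token only */
            if (valid_mail_name(line) && strlen(line) < outlen) {
                strcpy(out, line);
                return 0;
            }
        }
    }
    struct utsname u;
    if (uname(&u) != 0 || !valid_mail_name(u.nodename)
        || strlen(u.nodename) >= outlen)
        return -1;
    strcpy(out, u.nodename);   /* used as-is, not "qualified" through DNS */
    return 1;
}
```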
