
Mailing List Archive: exim: dev

dbsdb "name syntax check" bug?

 

 



markdv.exim at asphyx

Jul 28, 2009, 1:26 PM

Post #1 of 3 (1100 views)
dbsdb "name syntax check" bug?

Just playing, when I ran into:

# exim -d+resolver -be
> ${lookup dnsdb{txt=_spf.google.com}}
database lookup required for txt=_spf.google.com
dnsdb key: _spf.google.com
DNS name syntax check failed: _spf.google.com (TXT)
lookup failed

My guess is it doesn't like the underscore to start the name/label.

Which seems like a bug because as far as I know underscores are only
illegal in hostnames. And not all _names_ in a domain name are also
_hostnames_. The name in an SRV record being the most well-known example.

[.CC-ing exim-dev, to which I'm _not_ subscribed so don't know if that's]
[.gonna come through. If it does then please CC me in replies on that ]
[list you think I should read. ]

Cheers,
Mark.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##


exim-users at spodhuis

Jul 28, 2009, 5:58 PM

Post #2 of 3 (990 views)
Re: [exim] dbsdb "name syntax check" bug? [In reply to]

On 2009-07-28 at 22:26 +0200, MarkdV wrote:
> Just playing, when I ran into:
>
> # exim -d+resolver -be
> > ${lookup dnsdb{txt=_spf.google.com}}
> database lookup required for txt=_spf.google.com
> dnsdb key: _spf.google.com
> DNS name syntax check failed: _spf.google.com (TXT)
> lookup failed
>
> My guess is it doesn't like the underscore to start the name/label.
>
> Which seems like a bug because as far as I know underscores are only
> illegal in hostnames. And not all _names_ in a domain name are also
> _hostnames_. The name in an SRV record being the most well-known example.

The SRV record is indeed special-cased from this, by skipping over the
first two labels.

In fact, the underscore is also forbidden in mail-domains, which is
often of more interest to Exim.

Agreed though, that it's probably a bug that TXT record lookup, or in
fact lookups for anything except A/AAAA/MX, apply the syntax checks.

You can work around it with the "dns_check_names_pattern" option.
Adjust the regexp to remove the underscore restrictions.

However, the SPF record for a domain is always associated with the
domain itself (whether TXT or SPF); the _spf.google.com record exists to
be used in things like the TXT record for gmail.com:
gmail.com. 300 IN TXT "v=spf1 redirect=_spf.google.com"
and if you want to handle that, you need to use the Experimental SPF
support; anything you do with checks in Exim directly will be somewhat
fragile as you chase referral chains -- handling recursive references
safely in Exim's syntax would be highly awkward (as in, I wouldn't like
to write such rules).

-Phil

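The name check discussed in the message above, as an added example that is not Exim's code and not part of the original post: a Python model that applies the hostname rule to every record type (the reported behaviour, with the SRV two-label skip) or only to A/AAAA/MX. The function name `check_name`, the `type_aware` switch and the two label patterns are assumptions made for illustration.

```python
import re

# Assumed label rules (not Exim's regex): a hostname label starts and ends
# with a letter or digit, hyphens allowed inside, at most 63 characters.
HOST_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
# Relaxed rule for owner names that are not hostnames: underscore permitted.
DNS_LABEL = re.compile(r"[A-Za-z0-9_](?:[A-Za-z0-9_-]{0,61}[A-Za-z0-9_])?")

HOSTNAME_TYPES = {"A", "AAAA", "MX"}  # types the thread says should be checked


def check_name(name, rrtype, type_aware=True):
    """Return (ok, reason) for a dnsdb-style lookup key.

    type_aware=False models the behaviour reported in the thread: every
    type gets the hostname check, SRV only after skipping two labels.
    """
    rrtype = rrtype.upper()
    bare = name[:-1] if name.endswith(".") else name
    labels = bare.split(".")
    if not bare or len(bare) > 253 or not all(labels):
        return False, "empty label or name too long"
    if rrtype == "SRV":
        labels = labels[2:]          # skip _service._proto
        if not labels:
            return False, "SRV name has no target domain"
        rule = HOST_LABEL
    elif not type_aware or rrtype in HOSTNAME_TYPES:
        rule = HOST_LABEL
    else:
        rule = DNS_LABEL
    for label in labels:
        # fullmatch, so a trailing newline or other stray byte cannot pass
        if not rule.fullmatch(label):
            return False, f"bad label {label!r} for {rrtype}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample keys, apart from _spf.google.com from the post.
    for key, rr in [("_spf.google.com", "TXT"), ("_sip._tcp.example.com", "SRV"),
                    ("bad_host.example.com", "A"), ("example.com\n", "TXT")]:
        print(rr, repr(key), check_name(key, rr, False), check_name(key, rr))
```

Relaxing the rule for TXT still rejects empty labels, over-long names and embedded control characters, so loosening the underscore restriction does not mean accepting arbitrary lookup keys.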


markdv.exim at asphyx

Jul 29, 2009, 10:40 AM

Post #3 of 3 (972 views)
Re: [exim] dbsdb "name syntax check" bug? [In reply to]

Phil Pennock wrote:
> On 2009-07-28 at 22:26 +0200, MarkdV wrote:
>> Just playing, when I ran into:
>>
>> # exim -d+resolver -be
>> > ${lookup dnsdb{txt=_spf.google.com}}
>> database lookup required for txt=_spf.google.com
>> dnsdb key: _spf.google.com
>> DNS name syntax check failed: _spf.google.com (TXT)
>> lookup failed
>>
>> My guess is it doesn't like the underscore to start the name/label.
>>
>> Which seems like a bug because as far as I know underscores are only
>> illegal in hostnames. And not all _names_ in a domain name are also
>> _hostnames_. The name in an SRV record being the most well-known example.
>
> The SRV record is indeed special-cased from this, by skipping over the
> first two labels.

I'd be willing to call them _different_. Different from the host-names
that we see/use the most. And different from a lot of other records and
their specific syntax. But they are not special, at least no more - or
less - than any other record type. Ok, I admit I can be a bit pedantic
about these things. :)

> In fact, the underscore is also forbidden in mail-domains, which is
> often of more interest to Exim.

No coincidence. They need to be compatible with host-names for delivery
based on hostname when there are no MX records.

And I understand what/why dnsdb only supports record types that are
relevant to the realm of mail delivery. Which is fine.

> Agreed though, that it's probably a bug that TXT record lookup, or in
> fact lookups for anything except A/AAAA/MX, apply the syntax checks.
>
> You can work around it with the "dns_check_names_pattern" option.
> Adjust the regexp to remove the underscore restrictions.

Thanks, hadn't thought of that.

> However, the SPF record for a domain is always associated with the
> domain itself (whether TXT or SPF); the _spf.google.com record exists to
> be used in things like the TXT record for gmail.com:
> gmail.com. 300 IN TXT "v=spf1 redirect=_spf.google.com"
> and if you want to handle that, you need to use the Experimental SPF
> support; anything you do with checks in Exim directly will be somewhat
> fragile as you chase referral chains -- handling recursive references
> safely in Exim's syntax would be highly awkward (as in, I wouldn't like
> to write such rules).

Oh yeah, like I said I was just playing... I wasn't planning to
implement spf record validation in exim directly. Although, I am now
wondering if it could be done... Thank god I don't have enough spare
time to actually try. :)

Cheers,
Mark.

