Because according to the documentation that variable is set if it's more
than just no rDNS but also a mismatch with a forward DNS query. Unless
I'm misreading the below documentation this is not what I'm asking for.
From
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html
$host_lookup_deferred
This variable normally contains “0”, as does $host_lookup_failed.
When a message comes from a remote host and there is an attempt to look
up the host’s name from its IP address, and the attempt is not
successful, one of these variables is set to “1”.
If the lookup receives a definite negative response (for
example, a DNS lookup succeeded, but no records were found),
$host_lookup_failed is set to “1”.
If there is any kind of problem during the lookup, such that
Exim cannot tell whether or not the host name is defined (for example, a
timeout for a DNS lookup), $host_lookup_deferred is set to “1”.
Looking up a host’s name from its IP address consists of more than
just a single reverse lookup. Exim checks that a forward lookup of at
least one of the names it receives from a reverse lookup yields the
original IP address. If this is not the case, Exim does not accept the
looked up name(s), and $host_lookup_failed is set to “1”. Thus, being
able to find a name from an IP address (for example, the existence of a
PTR record in the DNS) is not sufficient on its own for the success of a
host name lookup. If the reverse lookup succeeds, but there is a lookup
problem such as a timeout when checking the result, the name is not
accepted, and $host_lookup_deferred is set to “1”. See also
$sender_host_name.
Performing these checks sets up information used by the authresults
expansion item.
$host_lookup_failed
See $host_lookup_deferred.
On 2025-06-07 17:48, Richard Doyle via Exim-users wrote:
There are lots of ways to do nearly anything in Exim, but why not use
the simple expansion variable?
    deny condition = ${if eq{$host_lookup_failed}{1}}
         message = Reverse DNS lookup failed for host $sender_host_address
On 6/7/25 5:23 PM, AC via Exim-users wrote:
I want to block any connection that doesn't have a successful rDNS (logs
report "no host name found") but searching around results in so many
different variants of an ACL rule to do this.
What is the proper way (likely in acl_smtp_connect if I'm not mistaken)
that will simply reject any connection that comes from a bare IP with no
rDNS? Note I'm not asking that I block something where the incoming
hostname doesn't match the rDNS where the two might mismatch (such as an
MX record vs. a more general domain), I'm only looking to block anything
that has absolutely no rDNS value so I don't want to use the
"reverse_host_lookup" option.
The closest thing I found was in the mailing list from 2008:
    defer
      !condition = ${lookup dnsdb{defer_never,ptr=$sender_host_address}{yes}}
      message = Reverse DNS lookup failed for host $sender_host_address
Is this still a correct suggestion?
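The distinction drawn in the quoted documentation, as an added example that is not part of the original thread and not Exim's own code: a Python sketch that separates "no PTR record at all" from "PTR present but not forward-confirmed", both of which set $host_lookup_failed to 1. The DNS tables are constructed documentation-range data, and the function and policy names are hypothetical.

```python
# Added illustration, not Exim source. DNS data is constructed (RFC 5737 /
# RFC 2606 ranges) so it runs offline; all function names are hypothetical.

# Constructed reverse zone: IP -> PTR names. A missing key means no PTR record.
PTR = {
    "192.0.2.10": ["mail.example.org"],  # PTR and a matching A record
    "192.0.2.20": ["mx.example.net"],    # PTR, but the A record points elsewhere
    "192.0.2.30": ["gone.example.com"],  # PTR, but the name has no A record
}
# Constructed forward zone: name -> addresses.
A = {
    "mail.example.org": ["192.0.2.10"],
    "mx.example.net": ["198.51.100.7"],
}
TIMEOUT = {"192.0.2.40"}  # constructed: the reverse lookup for this IP times out


def classify_host(ip, ptr=PTR, fwd=A, timeouts=TIMEOUT):
    """Return (verdict, host_lookup_failed, host_lookup_deferred).

    The two flags follow the quoted spec text: a definite negative answer or
    an unconfirmed name sets failed; a lookup problem sets deferred.
    """
    if ip in timeouts:
        return ("lookup-problem", 0, 1)
    names = ptr.get(ip, [])
    if not names:
        # The case the original poster wants to reject: a bare IP with no rDNS.
        return ("no-ptr", 1, 0)
    # Forward confirmation: at least one PTR name must resolve back to the IP.
    if any(ip in fwd.get(name, []) for name in names):
        return ("confirmed", 0, 0)
    # A PTR exists but is not confirmed. The failed flag is 1 here as well, so
    # the flag alone cannot tell this case apart from "no-ptr".
    return ("ptr-unconfirmed", 1, 0)


def rejected_by(ip):
    """Which of the two policies discussed in the thread would reject ip."""
    verdict, failed, _ = classify_host(ip)
    return {
        "failed_flag_policy": failed == 1,        # test on the failed flag
        "ptr_only_policy": verdict == "no-ptr",   # reject only a missing PTR
    }


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40", "203.0.113.5"):
        print(ip, classify_host(ip), rejected_by(ip))
```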