Package: exim4-config
Version: 4.92-8+deb10u3
Severity: normal
Tags: ipv6 patch
Dear Maintainer,
Badly configured domain names with an MX record of "localhost" cause
Exim to freeze messages instead of bouncing them when the local DNS
resolver resolves "localhost" to an IPv6 address instead of an IPv4 address.
This happens because there are no IPv6 addresses in
`ignore_target_hosts` for the `dnslookup` router. Adding IPv6 addresses
to this configuration option ensures identical behaviour regardless of
whether the DNS resolver returns IPv4 or IPv6 addresses.
In line with the current list of `ignore_target_hosts` which includes
only private IPv4 networks, the patch I am attaching here tries to add
only the localhost, private, and link-local IPv6 networks.
All this said, given other reports like Bug #927733 which ask to extend
the list of target hosts to exclude more special IPv4 subnets, it might
be a better idea to just make `ignore_target_hosts` use a macro to
maximise maintainability over the long term.
Thank you for taking the time to read and consider this report.
Best regards,
--- a/conf.d/router/200_exim4-config_primary 2019-09-07 08:59:59.000000000
+0000
+++ b/conf.d/router/200_exim4-config_primary 2020-02-09 01:12:42.531689133
+0000
@@ -33,10 +33,11 @@
domains = ! +local_domains
transport = remote_smtp
same_domain_copy_routing = yes
- # ignore private rfc1918 and APIPA addresses
- ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
- 172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\
- 255.255.255.255
+ # ignore private rfc1918, rfc4193, rfc4291, rfc6666, and APIPA addresses
+ ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; 192.168.0.0/16 ;\
+ 172.16.0.0/12 ; 10.0.0.0/8 ; 169.254.0.0/16 ;\
+ 255.255.255.255 ; ::/128 ; ::1/128 ; fc00::/7 ;\
+ fe80::/10 ; 100::/64
dnssec_request_domains = *
no_more
