Acl error

I'm seeing this in my logs:

2017-04-26 07:01:34 H=([103.47.66.214]) [103.47.66.214] Warning: ACL "warn" statement skipped: condition test deferred: failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{false}{true}}": lookup of "ptr=103.47.66.214" gave DEFER:
 
Hello,

The IP 103.47.66.214 does not have a valid PTR. So what makes you worry? If it's a trusted IP, you can add it to the skip list /etc/virtual/esf_skip_ip
 
Mate, there are tons of IPs that don't have a valid PTR and they don't kick the ACL warn.

I want to know why ACL warn is showing code in the logs? If valid PTR was based on this, don't you think every single IP that doesn't have a valid PTR would kick that ACL error?

Besides, this code should not show up in the logs unless there was something wrong with it. It should return a FALSE and not write the entire line out in the logs.

There is a problem in the exim.pl or exim.conf file that needs fixing.
 
That's Easy Spam Fighter /etc/exim.easy_spam_fighter/check_mail.conf:

Code:
condition = ${lookup dnsdb{ptr=$sender_host_address}{false}{true}}
If you think it's a bug then you'd better open a ticket with directadmin support at https://tickets.directadmin.com/
 
On my end I found the same warning for senders from the following IPs:

and all of them give SERVFAIL:

Code:
Host 146.250.29.103.in-addr.arpa not found: 2(SERVFAIL)
Host 57.42.101.116.in-addr.arpa not found: 2(SERVFAIL)
Host 41.128.107.116.in-addr.arpa not found: 2(SERVFAIL)
Host 26.12.97.116.in-addr.arpa not found: 2(SERVFAIL)
Host 115.40.55.1.in-addr.arpa not found: 2(SERVFAIL)
Host 49.41.55.1.in-addr.arpa not found: 2(SERVFAIL)
Host 167.170.231.171.in-addr.arpa not found: 2(SERVFAIL)
Host 37.64.233.171.in-addr.arpa not found: 2(SERVFAIL)
Host 237.243.248.171.in-addr.arpa not found: 2(SERVFAIL)
Host 129.175.252.180.in-addr.arpa not found: 2(SERVFAIL)
Host 155.207.206.218.in-addr.arpa not found: 2(SERVFAIL)
Host 3.6.250.27.in-addr.arpa not found: 2(SERVFAIL)
Host 173.224.3.27.in-addr.arpa not found: 2(SERVFAIL)
Host 105.165.113.42.in-addr.arpa not found: 2(SERVFAIL)
Host 98.189.113.42.in-addr.arpa not found: 2(SERVFAIL)
Host 34.39.114.42.in-addr.arpa not found: 2(SERVFAIL)
Host 225.135.115.42.in-addr.arpa not found: 2(SERVFAIL)
Host 235.97.115.42.in-addr.arpa not found: 2(SERVFAIL)
Host 50.97.114.61.in-addr.arpa not found: 2(SERVFAIL)

and it's not the same with NXDOMAIN:

Code:
Host 4.3.2.1.in-addr.arpa. not found: 3(NXDOMAIN)

Your IP gives the same SERVFAIL:

Code:
# host 103.47.66.214
Host 214.66.47.103.in-addr.arpa not found: 2(SERVFAIL)


So that's probably the reason. What other IPs do you have on your end?
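
An added example, not part of any post in this thread: it pulls the deferred PTR lookups out of an Exim log, builds the reverse name to re-check with `host`, and maps a line of `host` output to what the ESF condition does with it. The function names are hypothetical, every log line after the first is constructed, and treating SERVFAIL as the cause of the deferral follows the diagnosis given above.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): offline triage of Exim dnsdb PTR deferrals.

# Log sample: line 1 is the warning quoted in the thread; the rest are
# constructed, using documentation-range addresses.
sample_log() {
cat <<'EOF'
2017-04-26 07:01:34 H=([103.47.66.214]) [103.47.66.214] Warning: ACL "warn" statement skipped: condition test deferred: failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{false}{true}}": lookup of "ptr=103.47.66.214" gave DEFER:
2017-04-26 07:02:10 H=([198.51.100.7]) [198.51.100.7] Warning: ACL "warn" statement skipped: condition test deferred: failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{false}{true}}": lookup of "ptr=198.51.100.7" gave DEFER:
2017-04-26 07:02:41 H=mail.example.com [192.0.2.10] Warning: constructed unrelated line
2017-04-26 07:03:05 H=([103.47.66.214]) [103.47.66.214] Warning: ACL "warn" statement skipped: condition test deferred: failed to expand ACL string "${lookup dnsdb{ptr=$sender_host_address}{false}{true}}": lookup of "ptr=103.47.66.214" gave DEFER:
EOF
}

# Read Exim log lines on stdin; print "<ip> <count>" per deferred PTR lookup.
deferred_ptr_ips() {
  sed -n 's/.*lookup of "ptr=\([0-9.]*\)" gave DEFER.*/\1/p' |
    LC_ALL=C sort | uniq -c | awk '{print $2, $1}'
}

# Build the reverse-zone name that host(1) queries for an IPv4 address.
rdns_name() {
  printf '%s\n' "$1" | awk -F. '{print $4 "." $3 "." $2 "." $1 ".in-addr.arpa"}'
}

# Map one line of host(1) output to what the ESF condition
# ${lookup dnsdb{ptr=...}{false}{true}} does with that DNS result.
classify_host_output() {
  case "$1" in
    *"(SERVFAIL)"*)          echo "deferred" ;;  # temporary error: warn skipped and logged
    *"(NXDOMAIN)"*)          echo "true"     ;;  # no PTR: lookup fails, third argument
    *"domain name pointer"*) echo "false"    ;;  # PTR found: second argument
    *)                       echo "unknown"  ;;
  esac
}

# Demo: list deferred senders and the reverse name to re-check by hand.
report() {
  sample_log | deferred_ptr_ips | while read -r ip count; do
    printf '%s deferred=%s check=%s\n' "$ip" "$count" "$(rdns_name "$ip")"
  done
}
report
```

On a live server, feed the real log to `deferred_ptr_ips` on stdin in place of `sample_log`.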
 
For future reference, in my case, yesterday after an update the file /etc/resolv.conf was modified and the raw nameserver 8.8.8.8 deleted.
I simply re-added it and, without restarting network service, it seems to work again.
 
My server is a CentOS 6 one. I read here https://askubuntu.com/a/130459 that on Ubuntu you can create a /etc/resolvconf/resolv.conf.d/ and put a file with your overrides there, e.g. /etc/resolvconf/resolv.conf.d/tail.
I'm not sure I can do it that way in CentOS 6, so I've adopted this:

chattr +i resolv.conf
in order to make the file not overwritable.
When you wanna revert the setting, you can do this:
chattr -i resolv.conf

Full guideline for your reference: http://boxtutor.com/fix-etcresolv-conf-is-not-saving-after-server-reboot/
 