Re: Confusion in getting relay prevention to work

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Chris Thompson
Data:  
Para: F. Jacot Guillarmod
CC: exim-users
Assunto: Re: Confusion in getting relay prevention to work
F.F. Jacot Guillarmod writes:
>

[...]
>
> So, to simplify the description of the setup, we have:
>
>     exim.ru.ac.za as the MX target and outgoing SMTP gateway for

>
>         novella.ru.ac.za and
>         novellb.school.za

>
> which means we want exim.ru.ac.za to accept relaying from anywhere
> destined for either novella or novellb (because it is an MX target for
> these systems), but to prevent relaying to anywhere else.
>
> We also want exim.ru.ac.za to accept relaying only from novella and
> novellb to anywhere else (because it is the SMTP gateway for these
> machines).
>
> Try as I might, I can't get this to work symmetrically. Seemingly,
> whichever permutation I try of the sender_host_reject_relay and
> relay_domains family of parameters, I can get exim to deliver only to
> novella/b, but then block off gatewaying from novella/b or vice versa.
> I've read the docs (for exim 1.71) what seems like several dozen times,
> and am either hopelessly confused, or else exim doesn't support this
> particular scenario.


Perhaps you are having problems because the situation isn't really
all that symmetric, at least as Exim sees it.

  You want to accept e-mail for the *domains* novella.ru.ac.za & 
    novellb.school.za, from the world in general, so you need to 
    put them in relay_domains (a domain-list).
  You want to accept e-mail for the world in general from certain
    *hosts* associated with those domains. For this you usually use
    sender_host_accept_relay (a host-list) or sender_net_accept_relay
    (a net-list). If you use the former, you can specify host names
    rather than IP addresses, but in that case you had better make sure 
    that they are reliably in the DNS. [Use of patterns in the host names
    means that reverse lookup in the DNS will be used.]
  You may also want to ensure that mail you relay for these machines 
    is restricted to certain envelope senders; for that you use
    sender_address_relay (an address-list).


If you think this is what you have been doing, perhaps you could supply
the values of the parameters in question, and what sort of entries you
get in your log/rejectlog when it doesn't work? I can't second-guess you
because the names you use above are, I think, imaginary (simplified!) - at
any rate, they aren't in the DNS as I see it here.

Chris Thompson               Cambridge University Computing Service,
Email: cet1@???    New Museums Site, Cambridge CB2 3QG,
Phone: +44 1223 334715       United Kingdom.


--
* This is sent by the exim-users mailing list.  To unsubscribe send a
    mail with subject "unsubscribe" to exim-users-request@???
* Exim information can be found at http://www.exim.org/