John Henders writes:
>
> On Thu, Sep 25/97, "F. Jacot Guillarmod" <Jacot@???> wrote:
> >
> > So, to simplify the description of the setup, we have:
> >
> > exim.ru.ac.za as the MX target and outgoing SMTP gateway for
> >
> > novella.ru.ac.za and
> > novellb.school.za
> >
> > which means we want exim.ru.ac.za to accept relaying from anywhere
> > destined for either novella or novellb (because it is an MX target for
> > these systems), but to prevent relaying to anywhere else.

Extract from the relevant configuration file:
=====
relay_domains = "*.ru.ac.za:*.aau.org:aau.org:*.ls:griff.saprep.ecape.school.za:*.issi.co.za:*.ac.ng:*.catpe.alt.za:*.vghs.ecape.school.za:bberry.alt.za:chobe.bw"
relay_domains_include_local_mx
sender_host_accept_relay = "*.ru.ac.za:*.aau.org:aau.org:*.ls:griff.saprep.ecape.school.za:*.issi.co.za:*.ac.ng:*.catpe.alt.za:*.vghs.ecape.school.za:bberry.alt.za:chobe.bw"
=====
And here's the result of a test - a forgery from within the "ru.ac.za" zone:
=====
Script started on Thu Sep 25 22:22:41 1997
[hippo[22:22]~> telnet quagga smtp
Trying 146.231.128.2 ...
Connected to quagga.ru.ac.za.
Escape character is '^]'.
220 quagga.ru.ac.za ESMTP Exim 1.71 #4 Thu, 25 Sep 1997 22:22:57 +0200
helo junk.com
250 quagga.ru.ac.za: Hello ccfj at junk.com [146.231.128.1]
mail from: joe@???
250 <joe@???> is syntactically correct
rcpt to: ccfj@???
250 <ccfj@???> is syntactically correct
rcpt to: ccfj@???
250 <ccfj@???> is syntactically correct
rcpt to: randy@???
250 <randy@???> is syntactically correct
quit
=====
This had me going for a while with a sense of deja vu, until I thought
about it and tried a second test from a system in a different zone:
=====
Script started on Thu Sep 25 22:44:21 1997
pineapple:~>telnet quagga.ru.ac.za smtp
Trying 146.231.128.2...
Connected to quagga.ru.ac.za.
Escape character is '^]'.
220 quagga.ru.ac.za ESMTP Exim 1.71 #4 Thu, 25 Sep 1997 22:44:47 +0200
helo pineapple.uni.net.za
250 quagga.ru.ac.za: Hello pineapple.uni.net.za [155.232.248.15]
mail from: ccfj@???
250 <ccfj@???> is syntactically correct
rcpt to: ccfj@???
250 <ccfj@???> is syntactically correct
rcpt to: randy@???
550 relaying to <randy@???> prohibited by administrator
quit
221 quagga.ru.ac.za closing connection
Connection closed by foreign host.
pineapple:~>exit
Script done on Thu Sep 25 22:46:19 1997
=====
which is a bit more like it. I'll leave aside the problem of why the forgery
is unquestioningly accepted during the first test, other than to mention pop :-(
I have the horrible feeling that some of my previous configs might have been OK
after all, but then inadequately or misleadingly tested.
Many thanks for the helpful responses...
--
F.F. Jacot Guillarmod - Information Technology - Rhodes University - Grahamstown
Internet: Jacot@??? Phone: +27 461 318284 Fax: +27 461 27764
The views expressed above are not necessarily those of Rhodes University
--
* This is sent by the exim-users mailing list. To unsubscribe send a
mail with subject "unsubscribe" to exim-users-request@???
* Exim information can be found at http://www.exim.org/