Re: Confusion in getting relay prevention to work

Top Page
Delete this message
Reply to this message
Author: Chris Thompson
Date:  
To: F. Jacot Guillarmod
CC: jhenders, exim-users
Subject: Re: Confusion in getting relay prevention to work
F.F. Jacot Guillarmod writes:
>
> =====
> relay_domains = "*.ru.ac.za:*.aau.org:aau.org:*.ls:griff.saprep.ecape.school.za:*.issi.co.za:*.ac.ng:*.catpe.alt.za:*.vghs.ecape.school.za:bberry.alt.za:chobe.bw"
> relay_domains_include_local_mx
>
> sender_host_accept_relay = "*.ru.ac.za:*.aau.org:aau.org:*.ls:griff.saprep.ecape.school.za:*.issi.co.za:*.ac.ng:*.catpe.alt.za:*.vghs.ecape.school.za:bberry.alt.za:chobe.bw"
> =====


In the latter,

griff.saprep.ecape.school.za
bberry.alt.za
chobe.bw

will be forward-looked-up when the exim daemon (-bd) starts. But because there are
also patterns, reverse lookups will also be done at SMTP session time.

There's already some evidence of confusion on your part here, as bberry.alt.za
and chobe.bw have no A records in the DNS, only MX records. They aren't hosts
that might send a message to you.

> =====
> Script started on Thu Sep 25 22:22:41 1997
>
> [hippo[22:22]~> telnet quagga smtp
> Trying 146.231.128.2 ...
> Connected to quagga.ru.ac.za.
> Escape character is '^]'.
> 220 quagga.ru.ac.za ESMTP Exim 1.71 #4 Thu, 25 Sep 1997 22:22:57 +0200
> helo junk.com
> 250 quagga.ru.ac.za: Hello ccfj at junk.com [146.231.128.1]
> mail from: joe@???
> 250 <joe@???> is syntactically correct
> rcpt to: ccfj@???
> 250 <ccfj@???> is syntactically correct
> rcpt to: ccfj@???
> 250 <ccfj@???> is syntactically correct
> rcpt to: randy@???
> 250 <randy@???> is syntactically correct
> quit
> =====


The calling address 146.231.128.1 is reverse-looked-up, yielding "hippo.ru.ac.za".
That matches "*.ru.ac.za", so the relay is allowed. [Note that the name used in
the HELO command is not relevant.]

> =====
> Script started on Thu Sep 25 22:44:21 1997
> pineapple:~>telnet quagga.ru.ac.za smtp
> Trying 146.231.128.2...
> Connected to quagga.ru.ac.za.
> Escape character is '^]'.
> 220 quagga.ru.ac.za ESMTP Exim 1.71 #4 Thu, 25 Sep 1997 22:44:47 +0200
> helo pineapple.uni.net.za
> 250 quagga.ru.ac.za: Hello pineapple.uni.net.za [155.232.248.15]
> mail from: ccfj@???
> 250 <ccfj@???> is syntactically correct
> rcpt to: ccfj@???
> 250 <ccfj@???> is syntactically correct
> rcpt to: randy@???
> 550 relaying to <randy@???> prohibited by administrator
> quit
> 221 quagga.ru.ac.za closing connection
> Connection closed by foreign host.
> pineapple:~>exit
> Script done on Thu Sep 25 22:46:19 1997
> =====


The calling address 155.232.248.15 is reverse-looked-up, yielding
"pineapple.uni.net.za", which matches nothing in sender_host_accept_relay,
so the relay is disallowed (as it also isn't from 196.13.169.201 =
griff.saprep.ecape.school.za, and "psg.com" doesn't match anything in
relay_domains).

Chris Thompson               Cambridge University Computing Service,
Email: cet1@???    New Museums Site, Cambridge CB2 3QG,
Phone: +44 1223 334715       United Kingdom.


--
* This is sent by the exim-users mailing list.  To unsubscribe send a
    mail with subject "unsubscribe" to exim-users-request@???
* Exim information can be found at http://www.exim.org/