[EXIM] Using '+allow_unknown'

Author: John Horne
Date:  
To: Exim Users List
Subject: [EXIM] Using '+allow_unknown'
Hello,

(This could be a dumb question/statement - i.e. I get the feeling I haven't
thought it all the way through - but what the heck...)

After changing to Exim 3 we had the configuration option:

  host_reject_recipients = "! TABLES/banned/networks-allow : \
                            ! partial0-lsearch;TABLES/banned/hosts-allow : \
                            +allow_unknown : \  
                            partial0-lsearch;TABLES/banned/hosts : \
                            cdb;TABLES/banned/spam/reject_hosts.cdb : \
                            TABLES/banned/networks"


The first 2 entries came from the previous sender_net_reject_except and
sender_host_reject_except entries. The rest came from
sender_host_reject_recipient. We found though that having the '+allow_unknown'
in the middle of this list caused sites to be rejected when they had no DNS
PTR records (the log files show messages with 'no IP address found for ...').

The manual states that exim takes a hard line on this and rejects sites
without PTR records. I also accept that Philip has stated that one should
check through the configure file manually before using - I did, but didn't spot
this difference.

It seems, however, that unless the '+allow_unknown' is at the top of the list
or before a file lookup entry then it, in effect, gets ignored. Given a site
that is not in any of our files using the above configure option it is
rejected. I was expecting the reverse lookup to fail but given that it doesn't
appear in 'networks-allow' or 'hosts-allow' then it would hit the
'+allow_unknown' and be accepted (i.e. not rejected). It seems that the use of
a straight file (such as networks-allow above) is okay but not a lookup
(lsearch, cdb, etc). These cause the IP address to be rejected regardless of
'+allow_unknown' appearing later.

We have now put the '+allow_unknown' at the top of the list.

Second (minor) point: we have configured a file for prohibition messages, but
would like to separate out those from the above lists which are 'banned' by us
as opposed to those which are rejected due to DNS failures (lack of PTR
records). At present the DNS ones get a message saying we have banned them for
mail abuse. Oops. If it's easy to do could it be added to the wish list please?

Thanks,

John.

--------------------------------------------------------------------------
John Horne, University of Plymouth, UK             Tel: +44 (0)1752 233914
E-mail: jhorne@???                      ICQ: 36532881
Home page: http://jhorne.csd.plymouth.ac.uk
Finger for PGP key: john@???


--
*** Exim information can be found at http://www.exim.org/ ***
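
An added illustration, not part of the original post and not Exim code: a small Python model of left-to-right host-list scanning, under the assumption (consistent with the behaviour reported above) that '+allow_unknown' only affects items to its right. The function names, item kinds, reason strings and sample hosts are constructed for the example; the cdb item is left out for brevity.

```python
# Simplified model (an assumption, not Exim source) of scanning a host list
# such as host_reject_recipients from left to right.
ALLOW_UNKNOWN = "+allow_unknown"

def scan_reject_list(items, host_name, host_ip):
    """Return (decision, reason) for a connecting host.

    items: list of (kind, negated, entries). kind is "net" (matched on the
    IP address, no DNS needed), "name" (needs the reverse-resolved host
    name) or ALLOW_UNKNOWN. host_name is None when the PTR lookup failed.
    """
    allow_unknown = False
    for kind, negated, entries in items:
        if kind == ALLOW_UNKNOWN:
            allow_unknown = True      # only affects items to its right
            continue
        if kind == "net":
            hit = host_ip in entries  # exact-IP match stands in for a netmask test
        else:
            if host_name is None:
                if not allow_unknown:
                    return ("reject", "dns-failure")  # the "hard line"
                continue              # treat as "no match" and keep scanning
            hit = host_name in entries
        if hit:
            return ("accept", "exception") if negated else ("reject", "banned")
    return ("accept", "not-listed")

def build_list(allow_unknown_first):
    """Build the list from the post with the flag in either position."""
    # Constructed sample data standing in for the TABLES/banned/* files.
    nets_allow = ("net", True, {"192.0.2.10"})
    hosts_allow = ("name", True, {"mail.example.org"})
    flag = (ALLOW_UNKNOWN, False, None)
    banned_hosts = ("name", False, {"spam.example.net"})
    banned_nets = ("net", False, {"198.51.100.7"})
    if allow_unknown_first:
        return [flag, nets_allow, hosts_allow, banned_hosts, banned_nets]
    return [nets_allow, hosts_allow, flag, banned_hosts, banned_nets]

if __name__ == "__main__":
    for first in (False, True):
        # A host with no PTR record that appears in none of the files.
        print(first, scan_reject_list(build_list(first), None, "203.0.113.5"))
```

In the model, the original ordering stops at the name-based 'hosts-allow' item before the flag is ever read, while the reordered list carries on and still rejects hosts that match the IP-based ban list.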