Hi

I've been trying to use Dynamic Relay Authorization Control (DRAC) as
supplied by http://mail.cc.umanitoba.ca/drac with exim. Basically DRAC
listens on an rpc port for notification from hacked imap and pop daemons
that a user on a certain machine has successfully logged in, and then
writes the IP address and login time to a db file that an mta can then use
as a database of hosts that can send to arbitrary domains for a specified
period.
Unless I've very much got the wrong end of the stick, there are a few
problems using this with exim:
1) exim expects its db files to be hashes rather than btrees, which is what
drac writes. This can be worked around by modifying the drac source so that
it produces a hashed db file instead. It doesn't seem to do anything
particularly clever in manipulating the db file so a swap of DB_BTREE for
DB_HASH appears to do the trick. (Both exim and drac have been compiled to
use db 2.7.5.)
2) drac writes its db file key->data pairs as ipaddress -> time. This means
that it can't directly be used with something like
hosts_accept_relay = dbm;/etc/mail/dracd.db
as exim tries to match the hostname rather than the address in this
situation (as noted in earlier posts).
Using hosts_accept_relay = net32-dbm;/etc/mail/dracd.db would require a
further modification of the drac source so that it writes its entries as
ipaddress/32 -> time. I have tried this but can't get it to work - relaying
is still denied after logging in via pop or imap, though the (modified)
entries appear as expected in the db file. It is very likely I have
mishacked the source.
I have tried pointing hosts_accept_relay at a separate db file generated
from a text file containing
159.92.156.76/32: 12341234123
and this allows relaying as expected. I also know that drac works as I have
had it working correctly with sendmail 8.9.3, though admittedly this was
not a drac version that I had hacked.
I have also tried a few variations on:
hosts_accept_relay = ${lookup{$sender_host_address}dbm{/etc/mail/dracd.db}}
without any success.
I think what this needs would be something like the netxx- lookup called e.g.
ipaddress- where the key matched is the individual IP address. I appreciate
that adding something like this might be harder than it looks, and that the
problem may in any case be due to a major misunderstanding on my part. I
would very much appreciate any ideas that anyone has.
Cheers,
Mark
Mark Clements email: m.clements@???
Systems Administrator tel: +44 (0)171 928 9292 x1940
ISS, B9, St Thomas's Campus, fax: +44 (0)171 928 0065
King's College London
Lambeth Palace Road,
London SE1 7EH, UK
--
*** Exim information can be found at http://www.exim.org/ ***
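
The key reshaping discussed in the post (DRAC's ipaddress -> time records rewritten as the "ipaddress/32: time" text lines that the post reports working once built into a db file), as an added example that is not part of the original post and is not DRAC or exim code. The 30-minute window, the decimal epoch-seconds value format, the tolerance for a trailing NUL byte and the function name are assumptions; the sample records are constructed.

```python
import ipaddress

RELAY_WINDOW = 30 * 60  # assumed validity period in seconds (hypothetical value)


def export_relay_lines(records, now, window=RELAY_WINDOW):
    """Turn DRAC-style {ip: login_time} byte records into 'ip/32: time' lines.

    Malformed addresses, non-numeric times, future timestamps and logins
    older than `window` are dropped, so a stale or corrupt record can never
    end up authorizing relaying.
    """
    lines = []
    for raw_key, raw_val in records.items():
        # Assumption: some DBM writers store a trailing NUL on keys and
        # values and some do not, so strip it before parsing.
        key = raw_key.rstrip(b"\x00").decode("ascii", "replace")
        val = raw_val.rstrip(b"\x00").decode("ascii", "replace")
        try:
            addr = ipaddress.IPv4Address(key)  # rejects hostnames and "ip/32"
            login = int(val)
        except ValueError:
            continue
        age = now - login
        if age < 0 or age > window:
            continue
        lines.append(f"{addr}/32: {login}")
    return sorted(lines)


# Constructed sample records (not real DRAC output).
SAMPLE = {
    b"159.92.156.76": b"1000",       # address from the post, fresh login
    b"192.0.2.10\x00": b"400\x00",   # login too old at now=2500
    b"192.0.2.11\x00": b"2000\x00",  # fresh, NUL-terminated key and value
    b"not-an-ip": b"2000",           # malformed key
    b"198.51.100.7": b"garbage",     # malformed time
    b"203.0.113.5": b"9999",         # timestamp in the future
}

if __name__ == "__main__":
    for line in export_relay_lines(SAMPLE, now=2500):
        print(line)
```

The printed lines are in the same "key: value" text form as the test file described in the post.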