Re: [Exim] Exim failing relay test :-(

Top Pagina
Delete this message
Reply to this message
Auteur: Phillips, Alan
Datum:  
Aan: 'exim-users@exim.org'
CC: Patterson, Norman
Onderwerp: Re: [Exim] Exim failing relay test :-(
We did some tests on our Exim 3.03 just now, and either we misunderstand
something, or something is wrong. We don't have collapse_source_routing set;
unix.lancs.ac.uk is a local machine not listed in local_domains

From an off-site machine that's not allowed to relay, we do

    mail from: <evil@???>
    250 <evil@???> is syntactically correct


rcpt to: <user%unix.lancs.ac.uk@???>
550 relaying to <user%unix.lancs.ac.uk@???> prohibited by
administrator

Which is correct; Exim would send to hotmail.com, which is a relay

rcpt to: <@unix.lancs.ac.uk:user@???>
550 relaying to <@unix.lancs.ac.uk:user@???> prohibited by
administrator

Which is correct; Exim would send to unix.lancs.ac.uk, asking it to relay to
hotmail.com

rcpt to: <user%hotmail.com@???>
250 <user%hotmail.com@???> verified

Which isn't what we expected - Exim is passing through a message which will be
seen by the next destination as a relay request. If the downstream machine
implements percent hack routing, aren't the two cases above equivalent?

Now _if_ the next destination is properly set up, the final relay attempt will
fail (but we'll generate an NDR - also not desirable); but here we have a
number of machines downstream where for political reasons, owners being
incompetent and so on, we cannot make them secure - we had previously used
blocking software to protect these machines centrally.

So are we wrong in expecting that Exim can/will/should do this protection of
downstream systems? We're going to hit a lot of political flak if it can't....

Alan