[Exim] netmasks across versions

Góra strony
Delete this message
Reply to this message
Autor: Jeffrey Goldberg
Data:  
Dla: exim-users
Temat: [Exim] netmasks across versions
[In formulating this question, I found the answer noted at the bottom.
But I'm posting this anyway, as it does highlight a difference between 3.*
and 2.* which I wasn't aware of.]

I have, at the moment, three incoming mail hubs, running

3.13
2.12
2.05

(the last one will be going away, and the 2.12 will get upgraded all in
the next few weeks)

The 2.* each have a config entry like

sender_net_reject_recipients = TABLES/nets_reject
sender_net_reject_except = 138.250.0.0/16

And the 3.13 system has

host_reject_recipients = "+allow_unknown:\
   ! 138.250.0.0/16 : \
     partial-lsearch;TABLES/hosts_reject : TABLES/nets_reject" 


(yes, I know I should optimize the order there).

In each case the file TABLES/nets_reject contains in its entirety

# exodus.net 216.3[2345].*.* massive spam Christmas 1999
# unblocked 20000106
# 216.32.0.0/14

# dailydirt spam
207.236.112.186/24

This does work on the 3.13 system (both seeing things in reject_logs and
through a -bh test). And it fails on both the the 2.* systems to block
mail from addresses in 207.236.112.0/24 (some mail got through and I've
now tested on both those systems).

I'm fairly sure that the general configuration works because the
exodus.net blocking (now commented out) did work on at least the 2.12
system, Indeed I got mail form exodus asking why they are blocked and
how to get unblocked.

Is the problem because I didn't use 207.236.112.0/24 ? Have I
misunderstood the meaning of such expressions? Do exim 3.* and exim 2.*
have different ways of treating that?

Am I being silly by not testing with with a .0 for the last octet before
posting my query?

The answer to the last quesiton is YES. If I change

207.236.112.186/24

to

207.236.112.0/24

It works on the 2.* systems now.

It is unlikely that someone would find themselve in my position (trying to
get some configuration which works with 3.* to work with 2.*), but just
in case. The lesson is that while something like

207.236.112.186/24

works as a net mask for 3.13, it does not work they way I'd expect for
2.05 and 2.12.

-j

-- 
Jeffrey Goldberg                +44 (0)1234 750 111 x 2826
 Cranfield Computer Centre      FAX         751 814
 J.Goldberg@???     http://WWW.Cranfield.ac.uk/public/cc/cc047/
Relativism is the triumph of authority over truth, convention over justice.