On Tue, 21 Mar 2000, Daniel Einspanjer wrote:
> I tried two different methods
> of file listing:
>
> host_accept_relay = lsearch;/etc/virtual/localips and
> host_accept_relay = /etc/virtual/localips
> where localips was a simple text listing of each IP address.
The first of those won't work because it does a host *name* search. If
you want to lookup the IP address you need to add net- on the front.
> I noticed that when netscape sends mail, it uses the IP localhost so I added
> localhost to my list: host_accept_relay = localhost:208.36.207.0/24 but
> netscape still prompts me for a password whenever I try to send mail.
The next release of Exim contains the following change:
26. Don't advertise AUTH if host in host_accept_relay, even if it is in
host_auth_accept_relay (unless "always advertise", of course).
This is to cope with clients that can't be configured not to authorize
if they see the availability of the facility.
> I saw
> a couple of FAQs about this and someone had posted a patch to exim to make
> it not offer the AUTH command to someone who matched host_accept_relay, but
> when I went to look at the code, that patch was already there (I'm running
> exim 3.13) and it doesn't seem to work.. ??
Oh, heck. There's something odd in the documentation, because 3.13 lists
this change, which seems identical, but I know I did something different
to 3.14.
9. When auth_always_advertise is false, a AUTH is no longer advertised if the
host is in host_accept_relay, even if it is also in host_accept_auth_relay.
Thus one can use combinations like
host_auth_accept_relay = *
host_accept_relay = 10.9.8.0/24
without having to fill up host_auth_accept_relay with exceptions.
I think that 3.13 listing must not be quite what got implemented.
> One thing I was wondering is that when I do -bh tests, host_accept_relay is
> not checked until I list an RCPT that is not in local_domains.
No point in checking whether a host is allowed to relay until it
actually tries to relay - but YES! I remember now. That's the change
that has been made. The check has to be done earlier in order to get the
advertising right.
> I was
> wondering how this is supposed to work since if a client issues an EHLO
> command, exim automatically returns with AUTH as one of the available
> commands. I did not see anything in the logging about host_accept_relay
> being checked at that time.
>
> Could anyone shed some light on this problem for me? Am I missing a setting
> somewhere that causes host_accept_relay to be checked earlier?
No, the only thing you are missing is the next release, which hasn't
been released yet, I'm afraid.
Philip
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.