Re: [Exim] host_accept_relay problem with netscape on localh…

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Daniel Einspanjer
CC: exim-users
Subject: Re: [Exim] host_accept_relay problem with netscape on localhost
On Tue, 21 Mar 2000, Daniel Einspanjer wrote:

> I tried two different methods
> of file listing:
>
> host_accept_relay = lsearch;/etc/virtual/localips    and
> host_accept_relay = /etc/virtual/localips
> where localips was a simple text listing of each IP address.


The first of those won't work because it does a host *name* search. If
you want to lookup the IP address you need to add net- on the front.

> I noticed that when netscape sends mail, it uses the IP localhost so I added
> localhost to my list: host_accept_relay = localhost:208.36.207.0/24 but
> netscape still prompts me for a password whenever I try to send mail.


The next release of Exim contains the following change:

  26. Don't advertise AUTH if host in host_accept_relay, even if it is in  
  host_auth_accept_relay (unless "always advertise", of course).           


This is to cope with clients that can't be configured not to authorize
if they see the availability of the facility.

> I saw
> a couple of FAQs about this and someone had posted a patch to exim to make
> it not offer the AUTH command to someone who matched host_accept_relay, but
> when I went to look at the code, that patch was already there (I'm running
> exim 3.13) and it doesn't seem to work.. ??


Oh, heck. There's something odd in the documentation, because 3.13 lists
this change, which seems identical, but I know I did something different
to 3.14.

  9. When auth_always_advertise is false, a AUTH is no longer advertised if the  
  host is in host_accept_relay, even if it is also in host_accept_auth_relay.    
  Thus one can use combinations like                                            


    host_auth_accept_relay = *
    host_accept_relay = 10.9.8.0/24                    


without having to fill up host_auth_accept_relay with exceptions.

I think that 3.13 listing must not be quite what got implemented.

> One thing I was wondering is that when I do -bh tests, host_accept_relay is
> not checked until I list an RCPT that is not in local_domains.


No point in checking whether a host is allowed to relay until it
actually tries to relay - but YES! I remember now. That's the change
that has been made. The check has to be done earlier in order to get the
advertising right.

> I was
> wondering how this is supposed to work since if a client issues an EHLO
> command, exim automatically returns with AUTH as one of the available
> commands. I did not see anything in the logging about host_accept_relay
> being checked at that time.
>
> Could anyone shed some light on this problem for me? Am I missing a setting
> somewhere that causes host_accept_relay to be checked earlier?


No, the only thing you are missing is the next release, which hasn't
been released yet, I'm afraid.

Philip

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.