Re: [Exim] host_accept_relay problem with netscape on localh…

Author: Dave C.
Date:  
CC: exim-users
New-Topics: [Exim] RE: SMTP AUTH advice
Subject: Re: [Exim] host_accept_relay problem with netscape on localhost
Has anyone on the list actually got SMTP AUTH working in an ISP type
setup, permitting legitimate customers to relay mail from foreign
networks while travelling, while not causing any hassle for customers
using the local dialups?

If so, and are willing to post your configurations, and any other info
such as your username/password setup (PAM/NIS/DB/shadow?), what clients
it works with, etc, what version of exim?

I'd really like to get this fully working. We have an NIS/PAM setup, on
RedHat 5.2, currently running exim 3.13.. If anyone could offer their
(sample) configs.. I have already looked at the cookbook and FAQ.. I'm
asking if anyone has any further details..

It seems that it is possible that we need the change discussed below in
the as yet unreleased 3.14 in order not to annoy customers who are NOT
travelling - is it only Netscape that does this? What effect on other
clients?

Phil, any chance of 3.14 finding its way to the 'Testing' directory?

On Wed, 22 Mar 2000, Philip Hazel wrote:

> On Tue, 21 Mar 2000, Daniel Einspanjer wrote:
>
> > I tried two different methods
> > of file listing:
> >
> > host_accept_relay = lsearch;/etc/virtual/localips    and
> > host_accept_relay = /etc/virtual/localips
> > where localips was a simple text listing of each IP address.
>
> The first of those won't work because it does a host *name* search. If
> you want to lookup the IP address you need to add net- on the front.
>
> > I noticed that when netscape sends mail, it uses the IP localhost so I added
> > localhost to my list: host_accept_relay = localhost:208.36.207.0/24 but
> > netscape still prompts me for a password whenever I try to send mail.
>
> The next release of Exim contains the following change:
>
>   26. Don't advertise AUTH if host in host_accept_relay, even if it is in
>   host_auth_accept_relay (unless "always advertise", of course).
>
> This is to cope with clients that can't be configured not to authorize
> if they see the availability of the facility.
>
> > I saw
> > a couple of FAQs about this and someone had posted a patch to exim to make
> > it not offer the AUTH command to someone who matched host_accept_relay, but
> > when I went to look at the code, that patch was already there (I'm running
> > exim 3.13) and it doesn't seem to work.. ??
>
> Oh, heck. There's something odd in the documentation, because 3.13 lists
> this change, which seems identical, but I know I did something different
> to 3.14.
>
>   9. When auth_always_advertise is false, a AUTH is no longer advertised if the
>   host is in host_accept_relay, even if it is also in host_accept_auth_relay.
>   Thus one can use combinations like
>
>     host_auth_accept_relay = *
>     host_accept_relay = 10.9.8.0/24
>
> without having to fill up host_auth_accept_relay with exceptions.
>
> I think that 3.13 listing must not be quite what got implemented.
>
> > One thing I was wondering is that when I do -bh tests, host_accept_relay is
> > not checked until I list an RCPT that is not in local_domains.
>
> No point in checking whether a host is allowed to relay until it
> actually tries to relay - but YES! I remember now. That's the change
> that has been made. The check has to be done earlier in order to get the
> advertising right.
>
> > I was
> > wondering how this is supposed to work since if a client issues an EHLO
> > command, exim automatically returns with AUTH as one of the available
> > commands. I did not see anything in the logging about host_accept_relay
> > being checked at that time.
> >
> > Could anyone shed some light on this problem for me? Am I missing a setting
> > somewhere that causes host_accept_relay to be checked earlier?
>
> No, the only thing you are missing is the next release, which hasn't
> been released yet, I'm afraid.
>
> Philip
>
> -- 
> Philip Hazel            University of Cambridge Computing Service,
> ph10@???      Cambridge, England. Phone: +44 1223 334714.
>
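
The advertising rule quoted from the change notes above, as an added sketch that is not part of the thread and is not Exim's code. It models host lists as colon-separated IPv4 addresses, CIDR networks or `*` only, and assumes a host outside `host_accept_relay` is offered AUTH when it is in `host_auth_accept_relay` and may relay once authenticated; the function names and the client addresses are constructed for illustration.

```python
import ipaddress

def host_in_list(ip, host_list):
    """True if ip matches a colon-separated list of '*', IPv4 addresses or CIDR nets.

    Simplified model: real Exim host lists also accept names and lookups."""
    addr = ipaddress.ip_address(ip)
    for item in host_list.split(":"):
        item = item.strip()
        if item == "*":
            return True
        if item and addr in ipaddress.ip_network(item, strict=False):
            return True
    return False

def advertise_auth(ip, host_accept_relay, host_auth_accept_relay, auth_always_advertise):
    """Should the EHLO response sent to this client list AUTH?"""
    if auth_always_advertise:
        return True                      # "unless always advertise"
    if host_in_list(ip, host_accept_relay):
        return False                     # trusted host: never prompt it for a password
    # Assumption: remaining hosts see AUTH only if authentication can help them relay.
    return host_in_list(ip, host_auth_accept_relay)

def relay_allowed(ip, authenticated, host_accept_relay, host_auth_accept_relay):
    """Assumed relay decision: trusted by address, or authenticated and listed."""
    if host_in_list(ip, host_accept_relay):
        return True
    return authenticated and host_in_list(ip, host_auth_accept_relay)

# The combination quoted in the thread.
ACCEPT = "10.9.8.0/24"
AUTH = "*"

def demo():
    """Rows of (client, AUTH advertised, relay without auth, relay with auth)."""
    rows = []
    for ip in ("10.9.8.20", "192.0.2.7"):   # constructed local and roaming clients
        rows.append((ip,
                     advertise_auth(ip, ACCEPT, AUTH, False),
                     relay_allowed(ip, False, ACCEPT, AUTH),
                     relay_allowed(ip, True, ACCEPT, AUTH)))
    return rows

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The local client is never shown AUTH yet still relays by address, while the roaming client is shown AUTH and relays only after authenticating.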