[Exim] relay control: host_lookup, +allow_unknown

Author: Andreas M. Kirchwitz
Date:  
To: exim-users
Subject: [Exim] relay control: host_lookup, +allow_unknown
    Hello Exim users!

How do I allow relaying for a certain IP address range that has
no DNS reverse lookup?

My Exim configuration is quite restrictive (sender_verify,
sender_verify_reject, headers_check_syntax, headers_sender_verify,
headers_checks_fail, receiver_verify; but no HELO/EHLO checks).

For some IP address ranges listed in "host_accept_relay", I get
the following messages in my logfile:

refused relay (host) [...] (failed to find host name from IP address)

Well, Exim is right... those hosts have no DNS entry. Although
they are listed in "host_accept_relay", Exim rejects them. However,
I'm pretty sure that I really _want_ to allow relaying for those hosts,
regardless of missing DNS entries.

First, I stumbled across "host_lookup". I still want DNS lookups
for all hosts, except for a certain IP range (for example, 1.2.3.0/24).
So, I tried:

    host_lookup = 0.0.0.0/0 : !1.2.3.0/24


Doesn't help. Connects from 1.2.3.* are still rejected. They cannot
relay (yes, "1.2.3.0/24" _is_ listed in host_accept_relay :-) I also
tried to swap the order of both host_lookup items. No success.

This really confused me. Shouldn't that be the answer to my
problem?

After a quick look at the source code I found the two settings
"+allow_unknown" and "+warn_unknown". After I knew they exist,
I finally found them in the manual as well (they are hidden really
well, IMHO).

Guess what my first solution was?

    host_lookup = +warn_unknown : 0.0.0.0/0


Wrong. 1.2.3.0/24 still cannot relay. Same log messages as always.
Finally I wondered why Exim considers all this DNS lookup stuff
a _relay_ problem. Okay, then I added:

    host_accept_relay = +warn_unknown : [...other relayers...]


Hmm, relaying now works for 1.2.3.0/24 in my example.

But doesn't "host_accept_relay = +warn_unknown : [...]" mean
something like "accept all IP addresses for relaying that have
no reverse lookup"? Or does it just mean "if the DNS lookup for
one of the subsequent items fails, then don't fail immediately
but simply do the IP address verification - and only if that
doesn't match, then fail".

*sigh* I don't get it... maybe I'm too stupid... or too old...
I simply don't understand it. And I don't understand what
"host_lookup" is good for if I have to use +allow_unknown
(or +warn_unknown) anyway.

To come back to my initial problem:

How do I allow relaying for a certain IP address range that has
no DNS reverse lookup?

    My name is Andreas - and I'm confused.