Suresh Ramasubramanian wrote:
>> How do I allow relaying for a certain IP address range that has
>> no DNS reverse lookup?
>
> Give the ip blocks in CIDR format (ip/32, ip block /24 etc). And disable host
> lookup for those IP blocks.
>
> Then suppose the ip is 192.168.1.1 (ya, I know it is rfc 1918 space <g>) in
> the host_lookup option, give
>
> host_lookup = !192.168.1.1:0.0.0.0/0
>
> That will verify hosts for all ip's except 192.168.1.1
I tried that as well (this is what I meant with swapping the items
for host_lookup ;-), but it didn't help.
What did help, was adding +allow_unknown (or +warn_unkown) to
"host_accept_relay".
But I'm not quite sure, if "+allow_unknown" in "host_accept_relay"
is a good idea.
However, if +allow_unknown is needed for host_accept_relay,
what is "host_lookup" good for at all? Shouldn't the addition
of "!1.2.3.0/24" in "host_lookup" already keep "host_accept_relay"
from DNS resolving for that specific IP range? Why is "+allow_unknown"
still needed?
I'm not really sure, what exactly "+allow_unknown" does. But from
my point of view it's something like: "I don't want to disable DNS
lookup for !1.2.3.0/24 globally by adding it to host_lookup. I just
don't want it for host_accept_relay, so I add it there." So, I wonder
why adding something to host_lookup is ignored by host_accept_relay.
>> For some IP address ranges listed in "host_accept_relay", I get
>> the following messages in my logfile:
>> refused relay (host) [...] (failed to find host name from IP address)
>
> Dont check the hostname there - and don't relay for hostnames - relay for
> specific ips or ip blocks.
I prefer IP blocks, but I have sites where IP addresses don't
help - only hostnames can be used for them.
Greetings, Andreas
