Re: [Exim] relaying question

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Nigel Metheringham
Date:  
À: bmcalpine@macconnect.com
CC: exim-users
Sujet: Re: [Exim] relaying question
bmcalpine@??? said:
> i want to use this in combination with relay restrictions based on IP
> blocks, but i don't want exim to run reverse lookups on domain names
> trying to relay. I have removed the perform reverse lookup option in
> the configuration file but without any luck.


If you mean that you want all connecting ip addresses which match
*.your.dom.ain to be able to relay, then you are going to force exim to
do reverse DNS lookups, because it has no other way of checking the
name/ip mapping.

If you mean that you want anyone who forges their envelope address to
be of the form someone@??? then that can be done but is
commonly known as an open relay - with the even nicer side effect that
all the spam mail put through it will be from your domain and you will
end up being blamed (pretty much rightly) by all the recipients.

Exim has comprehensive documentation on control of relaying, and asking
this sort of question on the list basically shows you haven't bothered
to look at it - hence the rather short responses you have got.

Try reading
    http://www.exim.org/exim-html-3.20/doc/html/spec_46.html#SEC813


which is the section helpfully entitled "Control of relaying".
The options you apparently want are sender_address_relay &
relay_match_host_or_sender

If you do start playing with this sort of config, please submit the IP 
address of your mailserver to the ORBS database at 
http://www.orbs.org/report_1.html
This has 3 advantages:-
  1. You are told if you have managed to configure an open relay
  2. We can block you if you are open
  3. The spammers can easily find you when the DB is made
     public.  [However they will pick up even faster]


So everyone benefits...

    Nigel.


-- 
[ Nigel Metheringham           Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000                         Fax +44 1423 858866 ]
[ - Comments in this message are my own and not ITO opinion/policy - ]