[Exim] help with mysql host_accept_relay becoming open RELAY…

Top Page
Delete this message
Reply to this message
Author: creslin
Date:  
To: Exim-users
Subject: [Exim] help with mysql host_accept_relay becoming open RELAY!
Hey all,
    Hope somebody can help me with a problem im having with controlling the range of addresses
authorised to relay mail to any address.
When i configure exim to collect its range of addresses allowed to relay from mysql the server becomes open relay.
ive tried populating the database with single ip address's and subnets, all seem to render the smtp as open relay.
If anbody can something of the mess below and explain whats goin on itd be muchly appreciated.


Regards
Danny
creslin@???
ps when configuring the host_accept_relay = 192.168.0.0/24:123.123....... it works fine


server details
I have a mysql table called srelay ( static relay address)
this table contains a column again called srelay ( nothing like clarity here)
#########################################
# extract from exim configure file
#########################################
# Mysql relay info
MYSQL_RELAYTABLE=srelay
MYSQL_RELAYFIELD=srelay
MYSQL_RELAY = SELECT DISTINCT MYSQL_RELAYFIELD FROM MYSQL_RELAYTABLE
host_accept_relay = net-mysql;MYSQL_RELAY

when i populate the table with any ipadresses or ranges exim becomes open relay.

*********************************************************************************************
exim -bh with bad range in database authorises !
*********************************************************************************************
mysql> select * from srelay;
+-----------+--------------------+
| srelay_id | srelay             |

+-----------+--------------------+
|         9 | 123.123.123.123/24 |

+-----------+--------------------+
[root@cressmail log]# /usr/sbin/sendmail -bh 192.168.0.25

**** SMTP testing session as if from host 192.168.0.25
**** Not for real!

>>> host in host_lookup? no (option unset)
>>> host in host_reject? no (option unset)
>>> host in host_reject_recipients? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
>>> host in receiver_unqualified_hosts? no (option unset)
>>> host in helo_verify? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)

220 cressmail.co.uk ESMTP Exim 3.16 #2 Sun, 04 Mar 2001 20:10:45 +0000
helo creslin.firewall.co.uk
>>> creslin.firewall.co.uk in local_domains? no (end of list)

250 cressmail.co.uk Hello creslin.firewall.co.uk [192.168.0.25]
mail from:<creslin@???>
>>> creslin@??? in sender_reject? no (option unset)
>>> creslin@??? in sender_reject_recipients? no (option unset)

250 <creslin@???> is syntactically correct
rcpt to:<creslin@???>
>>> creslin.co.uk in local_domains? no (end of list)
>>> creslin.co.uk in relay_domains? no (end of list)
>>> host in host_accept_relay? yes (net-mysql;SELECT DISTINCT srelay FROM srelay)
>>> host is permitted to relay
>>> sender is permitted to relay

250 <creslin@???> is syntactically correct


*******************************************************************************
exim -bh with no data in database doesnt authorise
*******************************************************************************
[root@cressmail log]# /usr/sbin/sendmail -bh 192.168.0.25

**** SMTP testing session as if from host 192.168.0.25
**** Not for real!

>>> host in host_lookup? no (option unset)
>>> host in host_reject? no (option unset)
>>> host in host_reject_recipients? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
>>> host in receiver_unqualified_hosts? no (option unset)
>>> host in helo_verify? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)

220 cressmail.co.uk ESMTP Exim 3.16 #2 Sun, 04 Mar 2001 20:07:16 +0000
helo creslin.firewall.co.uk
>>> creslin.firewall.co.uk in local_domains? no (end of list)

250 cressmail.co.uk Hello creslin.firewall.co.uk [192.168.0.25]
mail from:<creslin@???>
>>> creslin@??? in sender_reject? no (option unset)
>>> creslin@??? in sender_reject_recipients? no (option unset)

250 <creslin@???> is syntactically correct
rcpt to:<creslin@???>
>>> creslin.co.uk in local_domains? no (end of list)
>>> creslin.co.uk in relay_domains? no (end of list)
>>> host in host_accept_relay? no (end of list)

550 relaying to <creslin@???> prohibited by administrator
LOG: refused relay (host) to <creslin@???> from <creslin@???> H=(creslin.firewall.co.uk) [192.168.0.25]

Database is setup as follows

create table srelay (
srelay_id INTEGER NOT NULL AUTO_INCREMENT,
srelay CHAR(19) NOT NULL,
UNIQUE (srelay),
PRIMARY KEY (srelay_id)
);