Re: [Exim] help with mysql host_accept_relay becoming open R…

Author: creslin
Date:  
To: Philip Hazel
CC: Exim-users
Subject: Re: [Exim] help with mysql host_accept_relay becoming open RELAY!
Sorry if there was some confusion, I'm not trying to look up domains
allowed to mail from anywhere
but rather a range of IP addresses allowed to use the server as their
SMTP RELAY
under host_accept_relay
usually I'd add the IP ranges of my local subnets, i.e.
host_accept_relay = 192.168.0.0/24:192.168.10.0/24...
I have a database table containing a column of these values, if the
table is empty it denies all hosts allowed to relay
as would be expected and wanted. However if I have any range or
IP address in the table the server allows any machine on the internet
to connect to it and send mail through it.
A table containing the local domains is currently held in the MySQL
database and works properly delivering mail to local dropboxes.
I thought that by using the configure option

MYSQL_RELAY = SELECT DISTINCT MYSQL_RELAYFIELD FROM MYSQL_RELAYTABLE
host_accept_relay = net-mysql;MYSQL_RELAY

would achieve this and the 'net-mysql' argument would let Exim know
it was expecting to receive a list of IP addresses and not to bother
resolving the domain via DNS.
Hope I'm not missing something stupid here, I've been hacking at this
for hours and always achieve the same result.
Regards
Danny Hallwood.
creslin@???


> > When i configure exim to collect its range of addresses allowed
> > to relay from mysql the server becomes open relay.
>
> This really is becoming FAQ. Sigh.
>
> You cannot configure Exim to collect its range of addresses allowed
> to relay from anywhere. What you can do is to configure it to look
> up *one* domain and see if it is in a list in your server. This
> seems to be a concept that people find difficult to grasp. (I see
> that I've already written "poorly explained" next to the relevant
> point in the manual. I'll try to do better in the next edition.)
> Think of a file
> domain1
> domain2
> ...
>
> The setting relay_domains = lsearch;/that/file does NOT insert the
> whole list into the setting [*]; it does a single probe ("is the
> domain in the file?") Similarly if you use mysql or any other
> database. You need something like
>
> relay_domains = mysql;select x from domains where domain='$key';
>
> the value of $key is the domain that is being looked up. It doesn't
> matter what "x" is - the data isn't going to be used. What Exim
> wants to know is whether $key is a domain in the database.
>
> ------------
> [*] If you gave a file name *without* lsearch; then it would be an
> interpolation, but you can't interpolate any other way.
>
>
>
> -- 
> Philip Hazel            University of Cambridge Computing Service,
> ph10@???      Cambridge, England. Phone: +44 1223 334714.
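
The single-probe behaviour described in the quoted reply explains the open relay reported above. The following is an added example, not code from this thread or from Exim: it models "the lookup succeeds if the query returns any row" with sqlite3 standing in for MySQL. The table name `relay_nets`, the function names and the fixed /24 key are assumptions of the sketch.

```python
import ipaddress
import sqlite3

# Constructed sample data: the relay table holds the two local subnets
# named in the post. "relay_nets" is a hypothetical table name.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE relay_nets (net TEXT PRIMARY KEY)")
db.executemany("INSERT INTO relay_nets VALUES (?)",
               [("192.168.0.0/24",), ("192.168.10.0/24",)])

def probe(query, params=()):
    """Model of a single-probe lookup: success means the query returned
    at least one row. The returned data itself is ignored."""
    return db.execute(query, params).fetchone() is not None

def unkeyed_allows(client_ip):
    # The query never mentions the connecting host, so the answer is the
    # same for every client: true as soon as the table holds one row.
    return probe("SELECT DISTINCT net FROM relay_nets")

def keyed_allows(client_ip, prefix_len=24):
    # Key the probe on the connecting host: mask its address to a network
    # (fixed prefix length is an assumption) and ask for that exact entry.
    key = str(ipaddress.ip_network(f"{client_ip}/{prefix_len}", strict=False))
    return probe("SELECT net FROM relay_nets WHERE net = ?", (key,))

def audit(clients):
    """Return {ip: (unkeyed_result, keyed_result)} for each client."""
    return {ip: (unkeyed_allows(ip), keyed_allows(ip)) for ip in clients}

if __name__ == "__main__":
    # 203.0.113.7 is a documentation address standing in for an outside host.
    sample = ["192.168.0.25", "192.168.10.200", "203.0.113.7"]
    for ip, (loose, strict) in audit(sample).items():
        print(f"{ip:16} unkeyed={loose!s:5} keyed={strict}")
```

With an empty table the unkeyed probe returns no row and denies everyone, which matches the behaviour reported in the message; one row is enough to flip it to allowing every client.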