Re: [Exim] help with mysql host_accept_relay becoming open R…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Torsten Mueller
Date:  
À: creslin, Exim-users
Sujet: Re: [Exim] help with mysql host_accept_relay becoming open RELAY!
Hey,

i use the mysql-qpopper patch and in my looks the mysql
stuff related to the relay
like this:

# Timeout for pop before mysql authentication for relaying
# See mysql documentation for DATE_ADD for exact format
RELAY_TIMEOUT=5 MINUTE
MYSQL_RELAY = SELECT ip FROM relay_ip WHERE
ip="${sender_host_address}" AND DATE_SUB(NOW(), INTERVAL
RELAY_TIMEOUT) < ts
host_accept_relay = localhost:mysql;MYSQL_RELAY

mysql> show columns from relay_ip;
+-----------------+------------------+------+-----+---------------------+----------------+
| Field           | Type             | Null | Key |

Default             | Extra          |
+-----------------+------------------+------+-----+---------------------+----------------+

| ip              | char(45)         |      | MUL
|                     |                |
| ts              | datetime         |      |     |

0000-00-00 00:00:00 |                |

| machen          | char(45)         |      |     |

RELAY               |                |

| statisch        | enum('yes','no') |      |     |

no                  |                |

| nr_of_poplogins | int(10) unsigned |      | MUL |

NULL                | auto_increment |
+-----------------+------------------+------+-----+---------------------+----------------+
5 rows in set (0.00 sec)


mysql> select * from relay_ip where nr_of_poplogins='1200';
+--------------+---------------------+--------+----------+-----------------+
| ip           | ts                  | machen | statisch |

nr_of_poplogins |
+--------------+---------------------+--------+----------+-----------------+
| 62.226.68.35 | 2001-02-27 07:13:34 | RELAY  | no      
|            1200 |

+--------------+---------------------+--------+----------+-----------------+
1 row in set (0.03 sec)


you only need ip, ts

If you don't use it as an smtp after pop3 relay, you should
comment out the time check

From cron i check the relay_ip table and delete old entrys
to reduce the size of the table

Hope this helps.

Greetings Torsten

creslin schrieb:
>
>
> Sorry if there was some confusion, Im not trying to look up domains
> allowed to mail from anywhere
> but rather a range of ip address's allowed to use the server as there
> smtp RELAY
> under host_accept_relay
> usually id add the ipranges of my local subnets i.e
> host_accept_relay = 192.168.0.0/24:192.168.10.0/24...
> i have a database table containing a column of these values, if the
> table is empty it denies all hosts allowed to relay
> as would be expected and wanted. However if i have any range or
> ipaddres in the table the server allows any machine on the internet
> to connect to it and send mail through it.
> A table containing the local domains are curently held in the mysql
> database and work properly delivering mail to local dropboxes.
> I thought that by using the configure option
>
> MYSQL_RELAY = SELECT DISTINCT MYSQL_RELAYFIELD FROM MYSQL_RELAYTABLE
> host_accept_relay = net-mysql;MYSQL_RELAY
>
> would achieve this and the 'net-mysql' argument would let exim know
> it was expecting to recieve a list of ipaddress and not to bother
> resolving the domain via dns.
> hope im not missing something stupid here ive been hacking at this
> for hours and always achieve same result.
> Regards
> Danny Hallwood.
> creslin@???
>
> > > When i configure exim to collect its range of addresses allowed
> > > to relay from mysql the server becomes open relay.
> >
> > This really is becoming FAQ. Sigh.
> >
> > You cannot configure Exim to collect its range of addresses allowed
> > to relay from anywhere. What you can do is to configure it to look
> > up *one* domain and see if it is in a list in your server. This
> > seems to be a concept that people find difficult to grasp. (I see
> > that I've already written "poorly explained" next to the relevant
> > point in the manual. I'll try to do better in the next edition.)
> > Think of a file
> > domain1
> > domain2
> > ...
> >
> > The setting relay_domains = lsearch;/that/file does NOT insert the
> > whole list into the setting [*]; it does a single proble ("is the
> > domain in the file?") Similarly if you use mysql or any other
> > database. You need something like
> >
> > relay_domains = mysql;select x from domains where domain='$key';
> >
> > the value of $key is the domain that is being looked up. It doesn't
> > matter what "x" is - the data isn't going to be used. What Exim
> > wants to know is whether $key is a domain in the database.
> >
> > ------------
> > [*] If you gave a file name *without* lsearch; then it would be an
> > interpolation, but you can't interpolate any other way.
> >
> >
> >
> > --
> > Philip Hazel            University of Cambridge Computing Service,
> > ph10@???      Cambridge, England. Phone: +44 1223 334714.

>
>
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##