Re: [Exim] help with mysql host_accept_relay becoming open R…

Author: Torsten Mueller
Date:
To: creslin, Exim-users
Subject: Re: [Exim] help with mysql host_accept_relay becoming open RELAY!
Hey,

I use the mysql-qpopper patch, and in mine the mysql
stuff related to the relay looks like this:

# Timeout for pop before mysql authentication for relaying
# See mysql documentation for DATE_ADD for exact format
RELAY_TIMEOUT=5 MINUTE
MYSQL_RELAY = SELECT ip FROM relay_ip WHERE ip="${sender_host_address}" AND DATE_SUB(NOW(), INTERVAL RELAY_TIMEOUT) < ts
host_accept_relay = localhost:mysql;MYSQL_RELAY

mysql> show columns from relay_ip;
+-----------------+------------------+------+-----+---------------------+----------------+
| Field           | Type             | Null | Key | Default             | Extra          |
+-----------------+------------------+------+-----+---------------------+----------------+
| ip              | char(45)         |      | MUL |                     |                |
| ts              | datetime         |      |     | 0000-00-00 00:00:00 |                |
| machen          | char(45)         |      |     | RELAY               |                |
| statisch        | enum('yes','no') |      |     | no                  |                |
| nr_of_poplogins | int(10) unsigned |      | MUL | NULL                | auto_increment |
+-----------------+------------------+------+-----+---------------------+----------------+
5 rows in set (0.00 sec)


mysql> select * from relay_ip where nr_of_poplogins='1200';
+--------------+---------------------+--------+----------+-----------------+
| ip           | ts                  | machen | statisch | nr_of_poplogins |
+--------------+---------------------+--------+----------+-----------------+
| 62.226.68.35 | 2001-02-27 07:13:34 | RELAY  | no       |            1200 |
+--------------+---------------------+--------+----------+-----------------+
1 row in set (0.03 sec)


You only need ip, ts.

If you don't use it as an SMTP-after-POP3 relay, you should
comment out the time check.

From cron I check the relay_ip table and delete old entries
to reduce the size of the table.

Hope this helps.

Greetings Torsten

creslin wrote:
>
>
> Sorry if there was some confusion, I'm not trying to look up domains
> allowed to mail from anywhere
> but rather a range of IP addresses allowed to use the server as their
> SMTP RELAY
> under host_accept_relay.
> Usually I'd add the IP ranges of my local subnets, i.e.
> host_accept_relay = 192.168.0.0/24:192.168.10.0/24...
> I have a database table containing a column of these values; if the
> table is empty it denies all hosts allowed to relay,
> as would be expected and wanted. However, if I have any range or
> IP address in the table the server allows any machine on the internet
> to connect to it and send mail through it.
> A table containing the local domains is currently held in the mysql
> database and works properly delivering mail to local dropboxes.
> I thought that by using the configure option
>
> MYSQL_RELAY = SELECT DISTINCT MYSQL_RELAYFIELD FROM MYSQL_RELAYTABLE
> host_accept_relay = net-mysql;MYSQL_RELAY
>
> would achieve this and the 'net-mysql' argument would let exim know
> it was expecting to receive a list of IP addresses and not to bother
> resolving the domain via DNS.
> Hope I'm not missing something stupid here; I've been hacking at this
> for hours and always achieve the same result.
> Regards
> Danny Hallwood.
> creslin@???
>
> > > When i configure exim to collect its range of addresses allowed
> > > to relay from mysql the server becomes open relay.
> >
> > This really is becoming FAQ. Sigh.
> >
> > You cannot configure Exim to collect its range of addresses allowed
> > to relay from anywhere. What you can do is to configure it to look
> > up *one* domain and see if it is in a list in your server. This
> > seems to be a concept that people find difficult to grasp. (I see
> > that I've already written "poorly explained" next to the relevant
> > point in the manual. I'll try to do better in the next edition.)
> > Think of a file
> > domain1
> > domain2
> > ...
> >
> > The setting relay_domains = lsearch;/that/file does NOT insert the
> > whole list into the setting [*]; it does a single probe ("is the
> > domain in the file?"). Similarly if you use mysql or any other
> > database. You need something like
> >
> > relay_domains = mysql;select x from domains where domain='$key';
> >
> > the value of $key is the domain that is being looked up. It doesn't
> > matter what "x" is - the data isn't going to be used. What Exim
> > wants to know is whether $key is a domain in the database.
> >
> > ------------
> > [*] If you gave a file name *without* lsearch; then it would be an
> > interpolation, but you can't interpolate any other way.
> >
> >
> >
> > --
> > Philip Hazel            University of Cambridge Computing Service,
> > ph10@???      Cambridge, England. Phone: +44 1223 334714.

>
>
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
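
Added example, not part of the original thread and not Exim code: a small Python/sqlite3 model of the "single probe" behaviour described above, showing why a relay query that never mentions the connecting host matches every client, while a query keyed on the client address and a time window does not. The rule "a lookup matches if the query returns a row", the integer timestamps, the sample addresses and all function names are assumptions made for the illustration.

```python
import sqlite3

def make_db(now):
    """Constructed sample data: one POP3 login 2 minutes ago, one 30 minutes ago."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE relay_ip (ip TEXT, ts INTEGER)")
    db.executemany("INSERT INTO relay_ip VALUES (?, ?)",
                   [("192.0.2.10", now - 120), ("192.0.2.20", now - 1800)])
    return db

def probe(db, sql, params=()):
    """Model of a query-style lookup in a host list: the item matches
    if the query returns at least one row; the row contents are ignored."""
    return db.execute(sql, params).fetchone() is not None

# Shape of the query in the quoted question: no reference to the client.
UNKEYED = "SELECT DISTINCT ip FROM relay_ip"
# Shape of the query in the reply: keyed on the client address and on age.
KEYED = "SELECT ip FROM relay_ip WHERE ip = ? AND ts > ?"

def may_relay_unkeyed(db, client_ip):
    # client_ip is deliberately unused: that is the misconfiguration.
    return probe(db, UNKEYED)

def may_relay_keyed(db, client_ip, now, timeout=300):
    # timeout=300 mirrors RELAY_TIMEOUT=5 MINUTE; the address is bound as
    # a parameter rather than pasted into the SQL text.
    return probe(db, KEYED, (client_ip, now - timeout))

def purge_expired(db, now, timeout=300):
    """Cron-style cleanup: delete rows older than the relay window."""
    return db.execute("DELETE FROM relay_ip WHERE ts <= ?",
                      (now - timeout,)).rowcount

if __name__ == "__main__":
    now = 1_000_000  # constructed clock value, in seconds
    db = make_db(now)
    for ip in ("192.0.2.10", "192.0.2.20", "203.0.113.99"):
        print(ip, "unkeyed:", may_relay_unkeyed(db, ip),
              "keyed:", may_relay_keyed(db, ip, now))
    print("rows purged:", purge_expired(db, now))
```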