Re: [Exim] help with mysql host_accept_relay becoming open R…

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Philip Hazel
日付:  
To: creslin
CC: Exim-users
題目: Re: [Exim] help with mysql host_accept_relay becoming open RELAY!
On Mon, 5 Mar 2001, creslin wrote:

> under host_accept_relay
> usually id add the ipranges of my local subnets i.e
> host_accept_relay = 192.168.0.0/24:192.168.10.0/24...
> i have a database table containing a column of these values, if the
> table is empty it denies all hosts allowed to relay
> as would be expected and wanted. However if i have any range or
> ipaddres in the table the server allows any machine on the internet
> to connect to it and send mail through it.


> I thought that by using the configure option
>
> MYSQL_RELAY = SELECT DISTINCT MYSQL_RELAYFIELD FROM MYSQL_RELAYTABLE
> host_accept_relay = net-mysql;MYSQL_RELAY
>
> would achieve this and the 'net-mysql' argument would let exim know
> it was expecting to recieve a list of ipaddress and not to bother
> resolving the domain via dns.


Two problems here:

(1) net-mysql is going to use the IP address as the key for the lookup.
So if you receive a call from 10.9.8.7 the key will be "10.9.8.7". If
you want the key to be "10.9.8.0/24" you need to use "net24-mysql".

(2) Nowhere in your mysql query have you specified where this key is to
be used. You need something like

select ... from ... WHERE name-of-column ='$key';

If your table contains entries with different masks, e.g. some have /24
and some have /32 etc, you will have to put several different queries in
your host_accept_relay setting, and put up with the fact that it will do
several probes.

If you find that Exim is doing reverse DNS lookups where you do not
expect them, use the -bh option to find out what is going on.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.