Thanks for your help solving my RELAY problem
your suggestion to use net24-mysql and the variable $key worked
prefectly
Regards
Danny
creslin@???
- ----- Original Message -----
From: "Philip Hazel" <ph10@???>
To: "creslin" <creslin@???>
Cc: <Exim-users@???>
Sent: Tuesday, March 06, 2001 8:48 AM
Subject: Re: [Exim] help with mysql host_accept_relay becoming open
RELAY!
> On Mon, 5 Mar 2001, creslin wrote:
>
> > under host_accept_relay
> > usually id add the ipranges of my local subnets i.e
> > host_accept_relay = 192.168.0.0/24:192.168.10.0/24...
> > i have a database table containing a column of these values, if
> > the table is empty it denies all hosts allowed to relay
> > as would be expected and wanted. However if i have any range or
> > ipaddres in the table the server allows any machine on the
> > internet to connect to it and send mail through it.
>
> > I thought that by using the configure option
> >
> > MYSQL_RELAY = SELECT DISTINCT MYSQL_RELAYFIELD FROM
> > MYSQL_RELAYTABLE host_accept_relay = net-mysql;MYSQL_RELAY
> >
> > would achieve this and the 'net-mysql' argument would let exim
> > know it was expecting to recieve a list of ipaddress and not to
> > bother resolving the domain via dns.
>
> Two problems here:
>
> (1) net-mysql is going to use the IP address as the key for the
> lookup. So if you receive a call from 10.9.8.7 the key will be
> "10.9.8.7". If you want the key to be "10.9.8.0/24" you need to
> use "net24-mysql".
>
> (2) Nowhere in your mysql query have you specified where this key
> is to be used. You need something like
>
> select ... from ... WHERE name-of-column ='$key';
>
> If your table contains entries with different masks, e.g. some have
> /24 and some have /32 etc, you will have to put several different
> queries in your host_accept_relay setting, and put up with the
> fact that it will do several probes.
>
> If you find that Exim is doing reverse DNS lookups where you do not
> expect them, use the -bh option to find out what is going on.
>
> --
> Philip Hazel University of Cambridge Computing Service,
> ph10@??? Cambridge, England. Phone: +44 1223 334714.