I've been puzzling over this for some time now. I have a file of addresses
and subnets which I reject mail from using host_reject_recipients. It mostly
works well, but it seems to "leak" on some addresses or subnets depending on
the position it is in the file I reference. It is a large file with over
5500 lines in it including comments. Many of the subnets specified overlap
with others, but I keep them in there mostly for documentation purposes.
For example, I might list "10.0.0.0/8" near the top of the file, and further
down in the file I might have more specific subnets with examples in comments.
Like "10.20.0.0/16" might be listed as a separate item with comments describing
why.
I reference the file like this in the config file:
HOST_REJECT = /usr/exim/etc/reject_host.txt
.
.
.
host_reject_recipients = +warn_unknown : HOST_REJECT
Like I say, for probably better than 95% of the addresses in there it works
fine. But I noticed that it leaks on some addresses.. For example, I had
one subnet listed (subnet changed to protect the guilty) like this:
192.168.50.0/24
..and I was getting some leaking through with addresses in that subnet.
I moved the subnet spec up closer to the top of the file, and it then
worked fine. I've been testing with "exim -d11 -bh 192.168.50.32" for
example and get the following when I don't have it near the top:
host in host_reject_recipients? no (failed to find host name or lookup deferred)
LOG: 0 MAIN
failed to find host name for [192.168.50.32]: permitted by +warn_unknown
And yet I know it's there. If I move it somewhere else, it comes up properly.
host in host_reject_recipients? yes (192.168.50.0/24 in /usr/exim/etc/reject_host.txt)
LOG: 1 MAIN REJECT
recipients from [192.168.50.32] refused (failed to find host name from IP address)
I've checked the file carefully for syntax errors. (I've had that happen before
too, where it will silently accept the file, and yet ignore anything past the
error.)
I've also checked addresses beyond where the subnet is listed in the file and
many which I've checked work properly.
Unfortunately, "exim -bP host_reject_recipients" doesn't expand the list in the
file, it just tells be what file it's set to.
I'm at a loss as to why this is happening. Anyone with any solutions?
I don't think a search type will work on subnets and addresses, will it?
Any suggestions??
Thanks.
--
Bill Duncan, VE3IED | BeachNet --> http://www.beachnet.org
bduncan@??? | - Network/System Administration
+1 416 693-5960 | - System Analysis/Design/Programming