[Exim] Relaying - Restricting some Networks

Author: Guenter Riess
Date:  
To: exim-users
Subject: [Exim] Relaying - Restricting some Networks
Hi,
I have a simple question about relaying. My current problem is that I want
to allow mail relaying for clients from the local network (172.30.0.0/16)
except clients from the subnets
172.30.2.0/24
172.30.0.0/24

A configuration that seems to work is the following:

host_accept_relay = officialnetwork/officialmask : \
                    !172.30.0.0/24 : !172.30.2.0/24 : 172.30.0.0/16 : \
                    localhost


Is this configuration OK or are there some issues? It seems that Exim
processes the host list from left to right and, if one condition is true, it
stops processing the rest of the host list. In this case hosts from
172.30.0.0/24 are not permitted to relay, but all other hosts from
172.30.0.0/16 are able to relay.
I do not have a good feeling about the configuration line above, because I
fear that ALL hosts except the ranges 172.30.0.0/24 and 172.30.2.0/24
may relay now?!
In my tests it doesn't seem so, but a bad feeling remains...


I also tried a regular expression to filter out the hosts via their
IP addresses with the following regexp:

host_accept_relay = ^172\.30\.\d{2,3}\.\d{1,3}$|^172\.30\.[^02]\.\d{1,3}$ : \
                             officialnetwork/officialmask : \
                             localhost


but the problem was that Exim refused the relay with the following reject log:

2002-02-20 12:16:32 refused relay (host) to <user@???> from
<user@localdomain> H=host.localdomain (host) [172.30.1.14]

First question: what's wrong with the regexp?
Second question: is the configuration without regexp (at top of mail) O.K.?
What is the recommended way to allow relay for a network WITHOUT certain
addresses / subnets?

Regards,
G. Riess
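
The following is an added example, not part of the original post and not Exim code: a small Python model of the left-to-right, first-match evaluation the post describes, including the Exim list rule that a list whose last item is negated matches every host that matched nothing else. Assumptions: 192.0.2.0/24 stands in for the post's "officialnetwork/officialmask" placeholder, "localhost" is modelled as 127.0.0.1/32, and the probe addresses are constructed.

```python
import ipaddress

# Constructed stand-in for the post's "officialnetwork/officialmask" placeholder.
OFFICIAL_NET = "192.0.2.0/24"

# The list from the post, in order. "localhost" is modelled as 127.0.0.1/32.
HOST_ACCEPT_RELAY = [
    OFFICIAL_NET,
    "!172.30.0.0/24",
    "!172.30.2.0/24",
    "172.30.0.0/16",
    "127.0.0.1/32",
]


def may_relay(client_ip, host_list=HOST_ACCEPT_RELAY):
    """First-match evaluation: the first item whose network contains the
    client decides; a leading '!' turns that match into a refusal."""
    addr = ipaddress.ip_address(client_ip)
    negated = False
    for item in host_list:
        negated = item.startswith("!")
        net = ipaddress.ip_network(item.lstrip("!"))
        if addr in net:
            return not negated
    # Nothing matched: refuse, unless the final item was negated, in which
    # case the list behaves as if it ended with a match-everything item.
    return negated


def audit(clients, host_list=HOST_ACCEPT_RELAY):
    """Return {ip: decision} for a set of probe addresses."""
    return {ip: may_relay(ip, host_list) for ip in clients}


if __name__ == "__main__":
    # Constructed probe addresses covering each case.
    probes = ["172.30.1.14", "172.30.0.5", "172.30.2.9", "172.30.200.1",
              "192.0.2.10", "127.0.0.1", "172.31.0.1", "203.0.113.7"]
    for ip, ok in audit(probes).items():
        print(f"{ip:15} {'relay' if ok else 'refused'}")
```

Under this model the list as posted refuses hosts outside the listed networks, because its last item (localhost) is positive; the order matters, since placing 172.30.0.0/16 before the negated subnets would let the excluded hosts match it first.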