On Wed, 2002-02-20 at 12:37, Guenter Riess wrote:
> Hi,
> I have a simple question about relaying. My current problem is, that I want
> to allow mail relaying for clients from the local network (172.30.0.0/16)
> except clients from the subnets
> 172.30.2.0/24
> 172.30.0.0/24
>
> A configuration that seems to work is the following:
>
> host_accept_relay = officialnetwork/officialmask : \
> !172.30.0.0/24 : !172.30.2.0/24 : 172.30.0.0/16 : \
> localhost
First match wins so you want:-
host_accept_relay = !172.30.0.0/24 : !172.30.2.0/24 : 172.30.0.0/16 : \
172.30.0.0/16 : 127.0.0.0/8
[NB changed localhost to a network/netmask set since that will prevent a
possibly superfluous DNS lookup being done there]
> Is this configuration ok or are there some issues? It seems, that exim
> processes the host list from left to right and if one condition is true, it
> stops processing the rest of the host list.
This is exactly as documented - see for example
http://www.exim.org/exim-html-3.30/doc/html/spec_7.html#SEC172
> I tried also a regular expression to filter out the hosts via their
> IP-Addresses with the following regexpr:
>
> host_accept_relay = ^172\.30\.\d{2,3}\.\d{1,3}$|^172\.30\.[^02]\.\d{1,3}$ : \
> officialnetwork/officialmask : \
> localhost
> First question: what's wrong with the regexp ?
You are attempting to regexp an IP address, exim is trying to match it
to a host name (ie following reverse DNS lookup). Use IP address
network/netmask notation for ip addresses.
> Second question: is the configuration without regexp (at top of mail) O.K. ?
> What is the recommended way to allow relay for a network WITHOUT certain
> addresses / subnets ?
If you are including a range with exceptions, list the exceptions first
as negative matches, then the allowed range.
Nigel.
--
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000 Fax +44 1423 858866 ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
