[Exim] exim -bs -oMa

Author: Joachim Wieland
Date:  
To: exim-users
Subject: [Exim] exim -bs -oMa
Hi,

I'm using exim 3.952 and have a question regarding the combination of
-bs and -oMa

I've set up the following:

  accept  hosts         = 1.2.3.4
          endpass
          message       = unrouteable address
          verify        = recipient



It seems to be fine from the command line

# exim -bs -oMa 1.2.3.4
220 carlo.rox.net ESMTP Exim 3.952 #3 Sat, 23 Feb 2002 18:10:39 +0100
mail from: joe@???
250 OK
rcpt to: jwieland@???
250 Accepted

# exim -bs -oMa 1.2.3.6
220 carlo.rox.net ESMTP Exim 3.952 #3 Sat, 23 Feb 2002 18:10:52 +0100
mail from: joe@???
250 OK
rcpt to: jwieland@???
550 relay not permitted

So far, everything works as expected.

Now I edit inetd.conf to the following:

smtp    stream  tcp     nowait  root    /usr/local/bin/exim    exim -bs \
-oMa 1.2.3.4


(which is actually one line)

I start up exim (by telnet-ting) and look at ps:

mail     28619  0.1  1.2  4644 1544 ?        S    18:14   0:00 exim -bs
-oMa 1.2.3.4


Furthermore I have set:

carlo:~ # exim -bP |grep trusted
trusted_groups =
trusted_users = mail:root
untrusted_set_sender =

Exim runs as a trusted user and so it should be allowed to use -oMa (I
think I don't even need any trusted_users settings, since root and the
exim user are trusted anyway, right?)

Now comes the strange part, I've already telnet-ted to the smtp port and
try to get a mail relayed again:

# telnet 0 smtp
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
220 carlo.rox.net ESMTP Exim 3.952 #3 Sat, 23 Feb 2002 18:19:34 +0100
mail from: joe@???
250 OK
rcpt to: jwieland@???
550 relay not permitted


Why does exim refuse to relay though it was called with -oMa and an IP
that is allowed to relay? I think that getpeername() succeeds since exim
was called via a socket and so the getpeername()-IP overrides the -oMa
IP... Is this supposed to work this way?

I admit that the above setting is with no doubt nonsense. I need it
because I also want to offer SMTP over SSL and if I pass the connection
through stunnel or sslwrap, the source IP is gone. So I patched stunnel
to replace REMOTE_HOST by the real remote IP and let it call "exim -bs
-oMa REMOTE_HOST".


Another question related to this one:

When I set:

accept  hosts         = pgsql;select ip from tblsmtpafterpop \
                       where ip = '$sender_host_address' and time > now();


why does exim refuse to look the SQL string up if I run
"exim -bs -oMa w.x.y.z" and w.x.y.z does not have a reverse record?

I see

sender host name required, to match against pgsql;select ip from
tblsmtpafterpop where ip = '1.2.3.6' and time > now();
host in "pgsql;select ip from tblsmtpafterpop where ip = '1.2.3.6' and
time > now();"? no (failed to find host name)
accept: condition test failed

in the debug log.

Why does exim need a host name and why is the IP not sufficient?



Thank you very much for any hints,
Joachim

--
*****PGP key available - send e-mail request***** - ICQ: 37225940
Due to circumstances beyond your control, you are master of your fate
and captain of your soul.