Re: [Exim] relay question

Author: Gary
Date:  
To: Dave C.
CC: exim-users, ph10
Subject: Re: [Exim] relay question

Hi Dave,

By the way, thanks for the replies, it's a big help!

Well I thought by setting *.hispeed.ch I'd be able to allow this DNS client
to authenticate and along with SMTP AUTH, I should be relatively safe; I do
see the danger though. I've actually followed this up in a separate post
regarding difficulty I've been having with getting TLS to work.

In short:

With exim4 compiled with the following options:

AUTH_CRAM_MD5=yes
AUTH_PLAINTEXT=yes
AUTH_SPA=yes
SUPPORT_TLS=yes
TLS_LIBS=-lssl -lcrypto
TLS_LIBS=-L/usr/local/ssl/lib -R/usr/local/ssl/lib -lssl -lcrypto
TLS_INCLUDE=-I/usr/local/ssl/include/

and the runtime configuration file with these options (I put them in the
Authentication Configuration section because I couldn't find where else they
belonged).

tls_advertise_hosts = *
tls_certificate = /usr/local/ssl/certs/smtp2.cert
tls_privatekey = /usr/local/ssl/certs/smtp1.key

exim fails to start with the following:

Exim version 4.03 #5 built 18-Apr-2002 07:14:32
Copyright (c) University of Cambridge 2002
2002-04-18 13:36:21 Exim configuration error in line 532:
option "tls_advertise_hosts" unknown

and the same thing goes for the exim_paniclog

My theory is that somehow I don't have TLS compiled into the binary somehow
(I'm staring at TLS_LIBS etc...).

Gary.


----- Original Message -----
From: "Dave C." <djc@???>
To: "Gary Ferrer" <gary@???>
Cc: <exim-users@???>
Sent: Thursday, April 18, 2002 9:17 PM
Subject: Re: [Exim] relay question


> On Thu, 18 Apr 2002, Gary Ferrer wrote:
>
> > Hello again,
> > I've finally got relaying to work with exim 4!! I have a suspicious
> > feeling that I may not have done it correctly so here's the relevant
> > sections I'm wondering about:
> > ---------------------------------------
> > domainlist local_domains = ferrer.yi.org : antis.ch : antis.biz
> > domainlist relay_to_domains = *
> > hostlist relay_from_hosts = 127.0.0.1 : 192.168.0.0/24 : *.hispeed.ch
> >
> > acl_smtp_rcpt = acl_check_rcpt
> >
> > acl_check_rcpt:
> >
> >         accept domains = +local_domains : +relay_to_domains
> >         accept hosts = +relay_from_hosts
> >
> > ---------------------------------------
> >
> > So what I needed to do was to allow a remote client (on the hispeed.ch
> > network) to use the SMTP server to relay its outgoing mail. Is this set up
> > correctly?
>
> It's correct if you want to allow yourself to be an open relay.
>
> What if I set my PTR (for any IP address I might get assigned from an
> ISP) to "blah.hispeed.ch".. There, now I can relay thru your server.
>
> 'hispeed.ch' is not a network - it is a DNS domain name. There is no
> one-to-one relationship between networks and domains.
>
> For clients connecting from IP networks not under your control, the use
> of SMTP AUTH is the right way to go. The sender has to supply a
> username/password pair which you validate, and permit relay on success.
>
> >
> > Thanks.
> >
> >
> >
> >
> > --
> >
> > ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
> >
> >
>
>
> --
>
>
>
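
A simplified model of the recipient ACL quoted in this thread, added here as an illustration; it is not code from either poster or from Exim. It evaluates the two `accept` statements in order against the posted lists and against an assumed tightened policy (no wildcard `relay_to_domains`, IP-only `relay_from_hosts`, relay for authenticated senders). The function names, the `TIGHTENED` policy and the sample clients are constructed, and the client's DNS name is taken as an input rather than looked up.

```python
import ipaddress
from fnmatch import fnmatchcase

LOCAL = ["ferrer.yi.org", "antis.ch", "antis.biz"]
# Lists exactly as posted in the thread.
AS_POSTED = {"local_domains": LOCAL, "relay_to_domains": ["*"],
             "relay_from_hosts": ["127.0.0.1", "192.168.0.0/24", "*.hispeed.ch"],
             "accept_authenticated": False}
# Assumed tightening (not from the thread's config): relay by IP or SMTP AUTH only.
TIGHTENED = {"local_domains": LOCAL, "relay_to_domains": [],
             "relay_from_hosts": ["127.0.0.1", "192.168.0.0/24"],
             "accept_authenticated": True}

def name_in(value, patterns):
    """Match a domain against list items that may contain '*' wildcards."""
    return any(fnmatchcase(value.lower(), p) for p in patterns)

def host_in(ip, dns_name, hostlist):
    """A hostlist item is either an IP/CIDR or a host-name pattern."""
    for item in hostlist:
        try:
            if ipaddress.ip_address(ip) in ipaddress.ip_network(item, strict=False):
                return True
        except ValueError:  # not an IP item: compare with the client's DNS name
            if dns_name and fnmatchcase(dns_name.lower(), item):
                return True
    return False

def rcpt_acl(policy, ip, dns_name, rcpt_domain, authenticated=False):
    """First matching accept wins; reaching the end of the ACL is a deny."""
    if name_in(rcpt_domain, policy["local_domains"] + policy["relay_to_domains"]):
        return "accept"   # accept domains = +local_domains : +relay_to_domains
    if host_in(ip, dns_name, policy["relay_from_hosts"]):
        return "accept"   # accept hosts = +relay_from_hosts
    if policy["accept_authenticated"] and authenticated:
        return "accept"   # assumed extra statement: accept authenticated = *
    return "deny"

# Constructed clients: (ip, dns_name, recipient domain, authenticated)
CASES = {
    "stranger to outside": ("203.0.113.7", "mail.example.net", "example.org", False),
    "stranger to local":   ("203.0.113.7", "mail.example.net", "antis.ch", False),
    "LAN to outside":      ("192.168.0.10", None, "example.org", False),
    "hispeed name, no auth":   ("198.51.100.9", "blah.hispeed.ch", "example.org", False),
    "hispeed name, with auth": ("198.51.100.9", "blah.hispeed.ch", "example.org", True),
}

def relay_matrix(policy):
    return {label: rcpt_acl(policy, *args) for label, args in CASES.items()}

if __name__ == "__main__":
    for name, pol in (("as posted", AS_POSTED), ("tightened", TIGHTENED)):
        print(name, relay_matrix(pol))
```

Under the posted lists the first statement alone accepts every recipient domain from every host, so the host list is never consulted for relaying decisions.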