Re: [Exim] ACL troubles with exim-4.10

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Nico Erfurth
Date:  
À: Ben Lutgens
CC: exim-users@exim.org
Sujet: Re: [Exim] ACL troubles with exim-4.10

On Sat, 24 Aug 2002, Ben Lutgens wrote:

> --
> Am using exim-4.10 from source on a redhat-7.3 box with all the updates and
> a self compile and working pam_exim module.
>
> As I understand it, the following bit from my "acl_check_rcpt" ACL should
> allow anything listed in "relay_from_hosts" to relay mail providing the
> recpient if valid of course.
>
>  accept  hosts         = +relay_from_hosts
>          verify        = recipient

>
> Now, in my relay_from_hosts I have the following:
>
> hostlist relay_from_hosts = 127.0.0.1 : 192.168.1.0/8

isn't /8 a little bit to big? this would be 192.*.*.* and in this space
are public addresses too.

> Yet for some reason I am not allowed to relay mail.
>
> Aug 25 04:14:25 mail exim[2986]: 2002-08-25 04:14:25 H=(hostname)
> [192.168.1.143] F=<stripped@???> rejected RCPT
> <valid@???>: relay not permitted
>
> Am I missing something?

You must be careful, the ACLs are run from top to bottom, so if another
rule denies you, your one will never be used, try exim -d -bh IP

> Further I'd like to have "acl_smtp_auth = acl_check_auth" that says "Do not
> allow AUTH unless we're using TLS" and I believe that I can should be able
> to do:
>
> acl_check_auth:
>     accept encrypted = *
>     deny message = TLS encryption required before auth

>
> But I can't test this for accuracy before I get the previous rule working.
> Any help appreciated.


This should work in any case, because the auth-phase comes before the
mail-envelope. try to run exim -d -bs or exim -d -bh some.ip.addr.here and
send some authentication-data it should be denied with your message.


ciao