Re: [Exim] need help with smtp-auth and relaying

Author: Nico Erfurth
Date:  
To: v.augustin
CC: exim-users, volker
Subject: Re: [Exim] need help with smtp-auth and relaying
v.augustin wrote:
> hello,
>
> I'm using exim 4.05 with the local_scan patch for spamassassin, courier
> imap/pop, both with maildir, and postgresql queries.
> what I want to do is:
> - block everyone who did not authenticate through smtp-auth from sending mails
> through my host.
> - but I want to accept mails from localhost to everywhere (for webmail and
> sysmail),
> - accept mails from authenticated users to everywhere,
> - and I want other mail-hosts allowed to send mails to my server's
> local_domains (which are local or virtual).
>
> I got virtual domains working fine, using postgres.
> I got authentication working fine. netscape and outlook can successfully
> authenticate.
>
> so if anybody could help me with this problem, I also put my config here:
> http://www.multiartstudio.com/Files/exim/exim.conf.txt
>
> I think I misunderstood something in my config, but I don't know what could
> be wrong. now, when I got my final, good working config for exim 4.05 (as
> I thought), I got listed at ordb.org because it seems that I have an open
> relay, and what I see in my logfiles is that a spammer is still trying to
> send spam mails through my server, but they are blocked by spamassassin -
> which costs a lot of log traffic and server performance.
>
> my problem is:
> if I put in my config:
> hostlist relay_from_hosts = 127.0.0.1
> or something like this (popb4smtp testing):
> hostlist relay_from_hosts = 127.0.0.1: /home/Exim/etc/pop_b4_smtp.ip.log
>
> every mail from other hosts (like yahoo) is blocked! and they can't send mails to
> my virtual domains...
>
> but with:
> hostlist relay_from_hosts = 127.0.0.1:*
> everything is fine, because most of my users have dialup accounts, I must
> use a wide range of IPs
> and I got listed at ordb.org :((
>
> I'm getting crazy about this, I would love it if somebody could help me with this
> stupid problem, because I studied all of the web... but got more and more
> confused... and my English is anything but good.


Some advice regarding your config
------------------------------------
##hostlist relay_from_hosts = 127.0.0.1:!${lookup pgsql{SELECT host\
FROM host_blacklist WHERE host is not null and aktiv=1}{$value}fail}:*

do it like this

hostlist relay_from_hosts = 127.0.0.1:!pgsql;SELECT host\
FROM host_blacklist WHERE host='${quote_pgsql:$sender_host_address}' and\
aktiv=1

This works better, and at least it will work at all ;)
Same for your domainlists
------------------------------------

For your acl_check_rcpt, you must give the ACL statements in the correct
order; the part with

accept  hosts         = +relay_from_hosts
deny    message       = relay not permitted, not authenticated


accept authenticated = *
    message = not authenticated


should be written as

accept  hosts         = +relay_from_hosts
accept authenticated = *
    message = not authenticated
deny    message       = relay not permitted, not authenticated


The order matters!
With your current ACL you deny everything BEFORE even doing the check
for an authenticated sender.

The verify = sender setting looks strange to me; where does it belong?
You should do a
require message = Sender verify failed
         verify = sender


before accepting messages to your local domains
------------------------------------

### hmm if i put remote_smtp transport to this position,
###i run into problem with my virtual accounts, 'mx record points to
###...blablabla'

You don't have your virtual domains inside of local_domains; this is
because your domainlist local_domains is not what you REALLY wanted
to do, see my first hint.

------------------------------------

You should REALLY read the exim docs (spec.txt); you made some big
"newbie" mistakes that could have been avoided by RTFM.

The order of routers and ACLs matters!

And, to show you why your lookups are bogus (in the lists) you can run
exim -d -bt someuser@???

The "problem" is that exim FIRST expands the whole string and inserts
the response from your SQL server, so your lookup will produce something
like this

domainlist local_domains @:domain1\ndomain2\n.....\n

You see the problem?

The lookup;-syntax is more like a command; it means "do the lookup if
you reach this; if I get a good response, this is fine for me".

ciao
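Putting the two hints together (query-style lookups in the lists, and the first-match order of the RCPT ACL), here is a complete fragment that covers the four requirements from the original question. This is an added example for readers of the archive, not the poster's exim.conf and not Nico's text; the table and column names (virtual_domains, domain) are assumed, and host_blacklist is not used here because dial-up users are handled by AUTH, not by relay_from_hosts.

```exim
# ---- main section -------------------------------------------------------
# Query-style lookup: exim runs the query once per domain being checked,
# so no multi-line SQL result is ever pasted into the list.
# Table/column names are assumptions for this example.
domainlist local_domains = @ : pgsql;SELECT domain FROM virtual_domains \
                               WHERE domain='${quote_pgsql:$domain}'

# Only localhost may relay by IP address. Everyone else relays via AUTH.
hostlist   relay_from_hosts = 127.0.0.1

acl_smtp_rcpt = acl_check_rcpt

# ---- ACL section --------------------------------------------------------
begin acl

acl_check_rcpt:
  # Mail injected locally (webmail/sysmail via the sendmail interface)
  # has no remote host; an empty host list matches exactly that case.
  accept  hosts         = :

  # Refuse anything whose envelope sender does not verify, before the
  # relay decision is made.
  require message       = Sender verify failed
          verify        = sender

  # Localhost over TCP and any authenticated client may send anywhere.
  accept  hosts         = +relay_from_hosts
  accept  authenticated = *

  # Other mail hosts may deliver to our local/virtual domains, but only
  # to recipients that actually exist.
  accept  domains       = +local_domains
          endpass
          message       = unknown user
          verify        = recipient

  # First match wins, so this catch-all must be the LAST statement.
  deny    message       = relay not permitted, not authenticated
```

Check the effect with `exim -bh <ip-address>` (a fake SMTP session from a given host) and `exim -d -bt user@domain`: an unauthenticated session from a foreign address must get "relay not permitted" only for non-local recipients, while recipients in a domain returned by the pgsql query are accepted.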