Re: [Exim] need help with smtp-auth and relaying

Author: volker augustin
Date:  
To: Nico Erfurth
CC: exim-users, volker
New-Topics: [Exim] User Controlled ACLs
Subject: Re: [Exim] need help with smtp-auth and relaying
thanks nico,
that's a great help. i carefully read it and tried around with a new
configuration.

now, i put the ACL's in the suggested order and changed my domain lists
to the following:

domainlist local_domains = @ : pgsql;SELECT domain from domain where
aktiv=1 and "local"=1
and
domainlist relay_to_domains = pgsql;SELECT domain from domain where
aktiv=1 and "local"=0

and i set my relay from hosts list to:
hostlist relay_from_hosts = 127.0.0.1

so, i understand my mistake with the lookup in the domainlists and also
the acl stuff makes sense (i don't understand it well, but it may work *g*)

now i can send messages from yahoo or somewhere else to one of my
accounts on the server, and also send messages from an authenticated
host to my server.
authentication seems to work well,
but if i send a mail through my server to another domain which is not on
my server, i got an 'unrouteable address' -error?

what am i doing wrong?
any suggestions? i took my old config to send this mail to the list ;)

i put my new config on this place:
http://www.multiartstudio.com/Files/exim/exim2.conf.txt

another question:

does it make sense to set
domains = !+local_domains : !+relay_to_domains
in the dnslookup-router??

dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 127.0.0.0/8
no_more
##############


> the lookup;-syntax is more like a command, it means "do the lookup if
> you reach this, if i get a good response, this is fine for me"


you mean it results in something like 'true' and 'false'?


thanks in advance
volker


volker:
>> i'm using exim 4.05 with the local_scan patch for spamassassin, courier
>> imap/pop , both with maildir, and postgresql queries.


Nico Erfurth wrote:
>
> Update to exim 4.10
>> ...


i will do that as soon as possible....

>> ...
>
> Some advice regarding your config
> ------------------------------------
> ##hostlist relay_from_hosts = 127.0.0.1:!${lookup pgsql{SELECT host\
> FROM host_blacklist WHERE host is not null and aktiv=1}{$value}fail}:*
>
> do it like this
>
> hostlist relay_from_hosts = 127.0.0.1:!pgsql;SELECT host\
> FROM host_blacklist WHERE host="$sender_host_address" and\
> aktiv=1
>
> This works better, and at least it will work at all ;)
> Same for your domainlists


thanks! i will try blacklists later if everything is well working :)

> ------------------------------------
>
> For your acl_check_rctp, you must give the acl in the correct order, the
> part with
>
> accept  hosts         = +relay_from_hosts
> deny    message       = relay not permitted, not authenticated
>
> accept authenticated = *
>     message = not authenticated
>
> should be written as
>
> accept  hosts         = +relay_from_hosts
> accept authenticated = *
>     message = not authenticated
> deny    message       = relay not permitted, not authenticated
>
> The order matters!
> With your current acl you deny everything BEFORE even doing the check
> for an authenticated sender,


done!

>
> the verify = sender setting is strange to me, where does it belong to?
> You should do a
> require message = Sender verfiy failed
>         verify = sender
>
> before accepting messages to your local domains



> ------------------------------------
>
> ### hmm if i put remote_smtp transport to this position,
> ###i run into problem with my virtual accounts, 'mx record points to
> ###...blablabla'
>
> You don't have your virtual domains inside of local_domains, this
> is because your domainlist local_domains is not what you REALLY wanted
> to do, see my first hint.
>
> ------------------------------------
>
> You should REALLY read the exim docs (spec.txt) you did some big
> "newbie" failures, that could be avoided by RTFM.


but i read it as good as i can....

>
> The order of routers and ACLs matters!
>
> And, to show you why your lookups are bogus (in the lists) you can run
> exim -d -bt someuser@???
>
> The "problem" is, that exim FIRST expands the whole string and inserts
> the response from your sql-server, so your lookup will produce something
> like this
>
> domainlist local_domains @:domain1\ndomain2\n.....\n
>
> You see the problem?
>
>
> ciao
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
> details at http://www.exim.org/ ##
>
>
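
An added example, not part of the original message or of either poster's configuration: the advice "Same for your domainlists" applied to the two domain lists above. A query-style lookup in a list matches whenever the query returns a row, so a query that never mentions `$domain` matches every domain as soon as the table holds one qualifying row. Table and column names are taken from the message; the `${quote_pgsql:...}` quoting and the single-quoted SQL literal are assumptions about how the schema is queried.

```exim
# Weak (the lists as posted in the message): the query does not depend
# on the domain being tested. With one active row in the table, every
# domain matches. All mail then looks local, and a router restricted by
# "domains = ! +local_domains" is skipped for remote addresses.
#
#   domainlist local_domains    = @ : pgsql;SELECT domain from domain where aktiv=1 and "local"=1
#   domainlist relay_to_domains = pgsql;SELECT domain from domain where aktiv=1 and "local"=0

# Corrected: key each query on $domain, which Exim sets to the domain
# under test while it scans a domain list. quote_pgsql escapes the value
# before it is placed inside the SQL string literal.
domainlist local_domains = @ : pgsql;SELECT domain FROM domain \
    WHERE domain='${quote_pgsql:$domain}' AND aktiv=1 AND "local"=1

domainlist relay_to_domains = pgsql;SELECT domain FROM domain \
    WHERE domain='${quote_pgsql:$domain}' AND aktiv=1 AND "local"=0

# Check how an address is routed after the change (placeholder address):
#   exim -bt someuser@remote-domain.example
```

The same reasoning applies to `relay_to_domains`: left unkeyed, it matches any recipient domain, so an ACL statement that accepts on `+relay_to_domains` would accept relaying to anywhere.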