tir, 08.04.2003 kl. 15.52 skrev Nico Erfurth:
> >> Nothing wrong with this, as long as helo_verify_hosts and/or host_lookup
> >> is specified (prior to the ACLs kicking in)? O.k., if reverse DNS
> >> doesn't work for the machine in question then hard luck - or set up a
> >> junk host list. But the alternative is authenticating and that's not
> >> always possible.
> I should read it complete ;) (And you too) We were talking about the
> $sender_address_domain.
What I meant was (and I use it myself, and it works), is that if you get
your Exim 4 to do a reverse look up on the sender, it doesn't matter who
he says he is - you have him by the short and curlies, since you then
compare him with your list of allowed relay hosts.
You can either have him at helo/ehlo time or at mail from time; he gets
a 550 anyway.
/BUT/. There are so many broken mail hosts out there, that if you go
that way, you have to have a list of broken mail hosts as exceptions.
The only way of avoiding this, is to do Giuliano's AUTH for all senders,
but as I said, this is impossible in practice for a mail host belonging
to a healthy commercial org (you start losing e-mail orders from Windows
and luser domains.)
The main thing is, that there are so many ways of doing the same thing
with Exim, that it's almost impossible to find any standard way any
longer.
Best,
Tony
--
Tony Earnshaw
e-post: tonni@???
www: http://www.billy.demon.nl
