Re: [Exim] ACL problem - semi-urgent

Author: William Thompson
Date:  
To: exim-users
Subject: Re: [Exim] ACL problem - semi-urgent
Please reply only to list.

> I'm having an issue with the ACL for controlling host access. Here's
> the relevant portions of my configuration.
>
> MYSQL_HOSTS = SELECT host FROM hosts WHERE status='allow'
> hostlist relay_from_hosts = mysql;MYSQL_HOSTS
> accept hosts = +relay_from_hosts


This does not work. I've tried it myself.

My workaround was:
hostlist relay_from_hosts = ${lookup mysql{MYSQL_HOSTS}{${sg{$value}{\\n}{ : }} }}

When you do the lookup using mysql;<statement> it looks for a true/false
condition, not the output.

If you use the ${lookup mysql ... approach, it will return the following:
63.171.251.0/24\n206.228.241.0/24\n204.118.174.0/24\n208.23.220.0/24\n208.33.189.0/24\n65.164.92.0/24\n65.164.93.0/24\n64.238.240.0/24\n64.4.124.0/24\n65.171.244.0/24\n65.171.245.0/24\n127.0.0.1

(the \n is put there just for reference). This is not what you want.

The ${sg is used to change \n to " : " w/o the quotes of course.

> Here's the output from the specified query:
>
> mysql> SELECT host FROM hosts WHERE status='allow';
> +------------------+
> | host             |
> +------------------+
> | 63.171.251.0/24  |
> | 206.228.241.0/24 |
> | 204.118.174.0/24 |
> | 208.23.220.0/24  |
> | 208.33.189.0/24  |
> | 65.164.92.0/24   |
> | 65.164.93.0/24   |
> | 64.238.240.0/24  |
> | 64.4.124.0/24    |
> | 65.171.244.0/24  |
> | 65.171.245.0/24  |
> | 127.0.0.1        |
> +------------------+

>
> Here's a sample log:
>
> 2003-06-09 06:26:02 H=(cms2) [204.118.174.250] F=<cms@???>
> rejected RCPT <eew@???>: relay not allowed
>
> Any suggestions on how to fix this other than opening up relay to all
> hosts?


Yes, use SMTP AUTH and do not allow relaying for anyone except 127.0.0.0/8
and any known locally secure systems (i.e., inside your own network, not on
the internet).
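
As an added example (not part of the original post, and not Exim code), this Python model shows why the unsplit multi-row lookup result never matches the rejected host from the quoted log, while the colon-separated form does. The function names are hypothetical, the splitter is a simplified model of Exim's colon-separated list rules, and it goes one step beyond the post by doubling colons so that IPv6 rows would survive the conversion.

```python
import ipaddress

# Constructed sample: the rows from the query output quoted in the post,
# joined with newlines the way the multi-row lookup result is described.
LOOKUP_RESULT = "\n".join([
    "63.171.251.0/24", "206.228.241.0/24", "204.118.174.0/24",
    "208.23.220.0/24", "208.33.189.0/24", "65.164.92.0/24",
    "65.164.93.0/24", "64.238.240.0/24", "64.4.124.0/24",
    "65.171.244.0/24", "65.171.245.0/24", "127.0.0.1",
])

def rows_to_exim_list(result):
    """Model of the ${sg} step: one list item per row, joined with ' : '.
    A colon inside an item (an IPv6 address) is doubled, which a plain
    newline-to-' : ' substitution does not do."""
    rows = [r.strip() for r in result.split("\n") if r.strip()]
    return " : ".join(r.replace(":", "::") for r in rows)

def split_exim_list(text):
    """Simplified list splitter: '::' is a literal colon, a single ':'
    separates items, whitespace around items is ignored.
    Assumes the input contains no NUL bytes (used as a placeholder)."""
    parts = text.replace("::", "\0").split(":")
    return [p.replace("\0", ":").strip() for p in parts if p.strip()]

def host_matches(host, exim_list):
    """True if host falls inside any address or CIDR item of the list."""
    addr = ipaddress.ip_address(host)
    for item in split_exim_list(exim_list):
        try:
            net = ipaddress.ip_network(item, strict=False)
        except ValueError:
            continue  # not an address/CIDR item, e.g. rows left unsplit
        if addr.version == net.version and addr in net:
            return True
    return False

if __name__ == "__main__":
    rejected = "204.118.174.250"  # host from the quoted log line
    print("unsplit rows match:  ", host_matches(rejected, LOOKUP_RESULT))
    print("converted list match:", host_matches(rejected, rows_to_exim_list(LOOKUP_RESULT)))
```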