Re: [Exim] local_domains doesn't always work

Author: Jeff Lasman
Date:  
To: Tabor J. Wells
CC: exim-users
Subject: Re: [Exim] local_domains doesn't always work
On Saturday 27 December 2003 05:40 pm, Tabor J. Wells wrote:

> You should probably put your DNSBL lookups in the ACL that runs at
> RCPT TO time. The sample config that ships with exim has the lookups
> there. This also allows you to exempt certain addresses like your
> postmaster address so that sites in those DNSBLs can contact you.


Now that I've just spent some time studying the ACL that runs at RCPT
time, I'm beginning to understand, but I have some questions...

Here's my ACL that runs at RCPT time:

<snip>
check_recipient:
  # Exim 3 had no checking on -bs messages, so for compatibility
  # we accept if the source is local SMTP (i.e. not over TCP/IP).
  # We do this by testing for an empty sending host field.
  accept  hosts = :
  accept  domains = +local_domains
  accept  domains = +relay_domains
  accept  hosts = +relay_hosts
  accept  hosts = +auth_relay_hosts
          endpass
          message = authentication required
          authenticated = *
  deny    message = relay not permitted
</snip>


I realize that there are sometimes multiple answers to questions, and
that there's no replacement for experience, but I don't have experience
(yet), so I'm looking for ideas and perhaps "best practices".

Here are my questions...

(1) local_domains is defined as "lsearch;/etc/virtual/domains".
/etc/virtual/domains is a list of domain names hosted on the server.
Where does exim get the domain name it compares with the contents of
/etc/virtual/domains? Hopefully this isn't from something as spoofable
as the ehlo line.

(2) relay_domains is defined as "lsearch;/etc/virtual/domains : \
localhost". My concern is that in ACLs, whenever relay_domains is used
it's used on a separate line after local_domains (see example ACL
above), so I'd think it should be its own file for maximum
flexibility. I'm also not sure that localhost should follow a colon.
Shouldn't it perhaps be in the file?

(3) relay_hosts is defined as /etc/virtual/pophosts; that's fine (not a
question <smile>).

(4) auth_relay_hosts is defined as "*". What does it mean?

And now the final question...
(5) How do I just put the entire thing together with this RBL ACL stuff
(I don't want to make any mistakes as this is a working server):

<snip>
  deny message = $sender_host_address is listed at $dnslist_domain - see
http:/
       dnslists = relays.ordb.org : \
           sbl.spamhaus.org : \
           bl.spamcop.net : \
           dnsbl.njabl.org : \
           cbl.abuseat.org : \
           http.dnsbl.sorbs.net : \
           socks.dnsbl.sorbs.net : \
           misc.dnsbl.sorbs.net : \
           smtp.dnsbl.sorbs.net : \
           web.dnsbl.sorbs.net : \
           spam.dnsbl.sorbs.net : \
           block.dnsbl.sorbs.net : \
           zombie.dnsbl.sorbs.net : \
           dul.dnsbl.sorbs.net : \
           rhsbl.sorbs.net
  accept
</snip>


Thanks.

Jeff
--
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA 92517 US
Professional Internet Services & Support / Consulting / Colocation
Our blists address used on lists is for list email only
Phone +1 909 324-9706, or see: "http://www.nobaloney.net/contactus.html"
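
The arrangement suggested in the quoted advice (DNSBL lookups in the RCPT-time ACL, with a postmaster exemption), as an added example that is not part of the original post or of the Exim sample configuration. It reuses the list names from the posted ACL, shortens the DNSBL list to two of the posted entries, and assumes Exim 4 ACL syntax; skipping relay hosts and authenticated sessions is an assumption of this example.

```exim
check_recipient:
  # Local SMTP (not over TCP/IP): empty sending host field.
  accept  hosts = :

  # Exemption: postmaster at a local domain stays reachable from listed hosts.
  # "domains" is matched against the domain of the RCPT TO address ($domain),
  # not against the HELO/EHLO name.
  accept  local_parts = postmaster
          domains     = +local_domains

  # The DNSBL test runs before any statement that accepts mail from remote
  # hosts. Known relay hosts and authenticated sessions are skipped
  # (assumption of this example).
  deny    message        = $sender_host_address is listed at $dnslist_domain
          !hosts         = +relay_hosts
          !authenticated = *
          dnslists       = sbl.spamhaus.org : \
                           bl.spamcop.net

  # Remainder as in the posted ACL, order unchanged.
  accept  domains = +local_domains
  accept  domains = +relay_domains
  accept  hosts = +relay_hosts
  accept  hosts = +auth_relay_hosts
          endpass
          message = authentication required
          authenticated = *
  deny    message = relay not permitted
```

The unconditional `accept` that ends the posted DNSBL snippet is left out: inside the RCPT ACL it would accept every recipient that reaches it, so the relay checks below it would never run.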