Hi
I'm upgrading our EXIM to 4.3, but looking at our old 3.22 config file, can
someone explain to me how host_lookup, 0.0.0.0/0 and +allow_unknown all
work together to stop unknown mailers from getting in?
Thanks
Leigh
<part of config file - domain and ip addresses changed :-) >
# macro definitions - live settings
# Each upper-case NAME = value line defines a macro. The name is used in
# place of the value further down: SMTP_PORT in daemon_smtp_port,
# OUR_SUBNET and LAMERS_IN_RBL in rbl_hosts, HOST_LOOKUP_EXCEPTIONS in
# host_lookup.
SMTP_PORT = "smtp"
# local subnet definition to prevent rbl lookup for local hosts
# this should prevent imap delay when upstream routers barf
# (123.456.789.0/24 is the poster's placeholder; it is not a valid IPv4
# network, so substitute the real subnet before reusing this)
OUR_SUBNET = 123.456.789.0/24
# host macro to allow rbl'd hosts to send mail.
# NOTE(review): the macro is empty, so "!LAMERS_IN_RBL" in rbl_hosts expands
# to a bare "!" item - confirm how the list parser treats that.
LAMERS_IN_RBL =
# hosts we want to accept mail from that can't do reverse DNS lookup
# (nb: require ! before each one)
# Each entry is an exemption from the reverse-lookup policy set by
# host_lookup, so keep the list short and re-justify every address when the
# config is migrated.
HOST_LOOKUP_EXCEPTIONS = !128.242.207.107
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
# set port for picking up SMTP connections
daemon_smtp_port = SMTP_PORT
# domain appended to addresses that arrive without one
qualify_domain = somedomain.ac.uk
# local domains are either itri.brighton.ac.uk (for mail from outside)
# or *.itri.brighton.ac.uk (for mail forwarded from ITRI clients)
# also allow localhost
# (the value below uses the poster's substituted domain, not the one named
# in the comment above)
local_domains = "somedomain.ac.uk: \
*.somedomain.ac.uk: \
localhost"
# refuse addresses written with a domain literal, i.e. user@[ip-address]
forbid_domain_literals
# may want to add more in future?
# deliveries are never run as the users listed here
never_users = root
# reverse lookup all incoming addresses except those listed in
# HOST_LOOKUP_EXCEPTIONS. NB: for this to work properly all other
# host-list-valued vars must include '+allow_unknown', otherwise
# reverse lookup just fails then (ie we use host_lookup as the *only*
# mechanism to block reverse DNS lookup failure).
#
# How the list reads: the macro expands to "!128.242.207.107", a negated
# item, and 0.0.0.0/0 covers every IPv4 address. Items are tried in order,
# so the excepted host is skipped and every other host gets a reverse
# lookup.
#
# NOTE(review): whether a failed lookup is refused by host_lookup itself or
# by the name-based lists further down cannot be seen from this file -
# confirm against the 3.22 specification before porting. Exim 4 moves this
# kind of host policy into ACLs and documents its own handling of lookup
# failure in host lists (see +include_unknown in the Exim 4 spec), so
# re-test what happens to a host with no reverse DNS after the upgrade
# rather than assuming the old behaviour carries over.
host_lookup = HOST_LOOKUP_EXCEPTIONS: 0.0.0.0/0
# accept outgoing relaying from ITRI subnet
# This list is the relay control: only localhost and the local subnet may
# relay. When porting, keep the equivalent rule just as narrow, because
# widening it turns the server into an open relay.
host_accept_relay = +allow_unknown:\
localhost:123.456.789.0/24:
# Remove frozen messages after 12 hours
# NOTE(review): the option name suggests this covers error (bounce)
# messages that could not be delivered, not every frozen message - confirm.
ignore_errmsg_errors_after = 12h
primary_hostname = mailhost.somedomain.ac.uk
# hosts that may send recipient / sender addresses without a domain part;
# both lists are name patterns, so they rely on the reverse lookup done by
# host_lookup
receiver_unqualified_hosts = +allow_unknown:\
*.somedomain.ac.uk
sender_unqualified_hosts = +allow_unknown:\
*.somedomain.ac.uk
# enable sender verification (with fixup)
# NOTE(review): the original comment said "but not recipient", yet
# receiver_verify is set on the next line, so recipient verification is on
# as well. Decide which one is intended before porting.
receiver_verify
sender_verify
sender_verify_fixup
smtp_banner = "${primary_hostname} ESMTP"
# enable real-time blocking
# The list holds only negated items: the local subnet and the (currently
# empty) LAMERS_IN_RBL macro are excluded from RBL checks.
# NOTE(review): presumably a list that ends in a negated item matches every
# other host, which is what makes the RBL check apply to everyone else -
# confirm, and see the bare "!" produced by the empty macro.
rbl_hosts = +allow_unknown:\
!OUR_SUBNET:\
!LAMERS_IN_RBL
# switched to JANET rbl service 30/07/01
# DNS block lists consulted for hosts selected by rbl_hosts.
# NOTE(review): check that each list is still operated before carrying it
# into the new config; how a retired list answers is outside this file.
rbl_domains = ns-ulcc.mail-abuse.ja.net \
: relays.orbd.org
# alternative list, commented out and not active:
# rbl-plus.mail-abuse.ja.net
#
# allow mail from rbl'd host to postmaster
# (the domain part appears as ??? in the posted copy)
recipients_reject_except = postmaster@???
# added to block spammers not in rbl etc
# Every entry is a host name or name pattern, so matching depends on the
# name obtained from reverse DNS, which is published by whoever controls
# the connecting address space.
# NOTE(review): confirm what +allow_unknown does here for a host whose name
# cannot be found; if it counts as "no match", a blocked sender without
# reverse DNS is not caught by this list and is only stopped by whatever
# enforces the host_lookup policy.
host_reject = +allow_unknown:\
ns2.eur-o-ne.net:\
*.europeonline.fr:\
*.kofax.com:\
*.nyct.net:\
*.adult-host.nl:\
*.artmarket.com:\
*.protectingyourfiles.com:\
*.virtuadome.com:\
*.ecircle.de:\
*.nombres.ttd.es