[Exim] host_lookup, 0.0.0.0/0 and +allow_unknown question

Author: Leigh Dodd
Date:  
To: exim-users
Subject: [Exim] host_lookup, 0.0.0.0/0 and +allow_unknown question
Hi

I'm upgrading our EXIM to 4.3 but looking at our old 3.22 config file can
someone explain to me how the host_lookup, 0.0.0.0/0 and +allow_unknown all
work together to stop unknown mailers from getting ?

Thanks

Leigh

<part of config file - domain and ip addresses changed :-) >

# macro definitions - live settings
SMTP_PORT = "smtp"

# local subnet definition to prevent rbl lookup for local hosts
# this should prevent imap delay when upstream routers barf

OUR_SUBNET = 123.456.789.0/24

# host macro to allow rbl'd hosts to send mail.
#

LAMERS_IN_RBL =

# hosts we want to accept mail from that can't do reverse DNS lookup
# (nb: require ! before each one)
HOST_LOOKUP_EXCEPTIONS = !128.242.207.107

######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################


# set port for picking up smtp connections
daemon_smtp_port = SMTP_PORT

qualify_domain = somedomain.ac.uk

# local domains are either itri.brighton.ac.uk (for mail from outside)
# or *.itri.brighton.ac.uk (for mail forwarded from ITRI clients)
# also allow localhost
local_domains = "somedomain.ac.uk: \
                *.somedomain.ac.uk: \
                localhost"


forbid_domain_literals

# may want to add more in future?
never_users = root

# reverse lookup all incoming addresses except those listed in
# HOST_LOOKUP_EXCEPTIONS. NB: for this to work properly all other
# host-list-valued vars must include '+allow_unknown', otherwise
# reverse lookup just fails then (ie we use host_lookup as the *only*
# mechanism to block reverse DNS lookup failure).
host_lookup = HOST_LOOKUP_EXCEPTIONS: 0.0.0.0/0

# accept outgoing relaying from ITRI subnet
host_accept_relay = +allow_unknown:\
    localhost:123.456.789.0/24:


# Remove frozen messages after 12 hours
ignore_errmsg_errors_after = 12h

primary_hostname = mailhost.somedomain.ac.uk

receiver_unqualified_hosts = +allow_unknown:\
    *.somedomain.ac.uk
sender_unqualified_hosts = +allow_unknown:\
    *.somedomain.ac.uk


# enable sender verification (with fixup), but not recipient
receiver_verify
sender_verify
sender_verify_fixup

smtp_banner = "${primary_hostname} ESMTP"

# enable real-time blocking
rbl_hosts = +allow_unknown:\
    !OUR_SUBNET:\
    !LAMERS_IN_RBL


# switched to JANET rbl service  30/07/01
rbl_domains = ns-ulcc.mail-abuse.ja.net \
    : relays.orbd.org
#
# rbl-plus.mail-abuse.ja.net
#
# allow mail from rbl'd host to postmaster
recipients_reject_except = postmaster@???


# added by to block spammers not in rbl etc
host_reject = +allow_unknown:\
    ns2.eur-o-ne.net:\
    *.europeonline.fr:\
    *.kofax.com:\
    *.nyct.net:\
    *.adult-host.nl:\
    *.artmarket.com:\
    *.protectingyourfiles.com:\
    *.virtuadome.com:\
    *.ecircle.de:\
    *.nombres.ttd.es
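
The comment above host_lookup in the posted config states a rule: once host_lookup covers 0.0.0.0/0, every other host-list option must include +allow_unknown. The script below is an added example (not part of the original post, and not Exim code) that checks a config of this style for that rule before a migration; the option set is taken from the posted config only, and the function names and sample addresses are constructed.

```python
import re

# Host-list options seen in the posted config (assumption: not a complete list).
HOST_LIST_OPTIONS = ("host_accept_relay", "receiver_unqualified_hosts",
                     "sender_unqualified_hosts", "rbl_hosts", "host_reject")

def parse_settings(text):
    """Return {name: value}, dropping comments and joining '\\' continuations."""
    settings, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line.startswith("#")):
            continue
        pending += line
        if pending.endswith("\\"):
            pending = pending[:-1]      # continuation: keep collecting
            continue
        name, sep, value = pending.partition("=")
        if sep:                         # boolean options have no '=' and are skipped
            settings[name.strip()] = value.strip().strip('"')
        pending = ""
    return settings

def list_items(settings, option):
    """Expand upper-case macros textually, then split the colon-separated list."""
    macros = {k: v for k, v in settings.items() if k.isupper()}
    expand = lambda m: macros.get(m.group(0), m.group(0))
    value = re.sub(r"\b[A-Z][A-Z0-9_]*\b", expand, settings.get(option, ""))
    return [item.strip() for item in value.split(":") if item.strip()]

def missing_allow_unknown(text):
    """Host-list options lacking +allow_unknown while host_lookup covers 0.0.0.0/0."""
    settings = parse_settings(text)
    if "0.0.0.0/0" not in list_items(settings, "host_lookup"):
        return []
    return [opt for opt in HOST_LIST_OPTIONS
            if opt in settings and "+allow_unknown" not in list_items(settings, opt)]

# Constructed sample in the style of the posted config; addresses are
# documentation placeholders and host_reject deliberately omits +allow_unknown.
SAMPLE = r"""
OUR_SUBNET = 192.0.2.0/24
HOST_LOOKUP_EXCEPTIONS = !198.51.100.7
host_lookup = HOST_LOOKUP_EXCEPTIONS: 0.0.0.0/0
host_accept_relay = +allow_unknown:\
    localhost:OUR_SUBNET
host_reject = *.example.net:\
    *.example.org
"""
```

Calling `missing_allow_unknown(SAMPLE)` reports `host_reject`, the one list in the sample that would depend on a successful reverse lookup.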