RE: [Exim] Relay

Top Page
Delete this message
Reply to this message
Author: Ruth Ivimey-Cook
Date:  
To: 'Rahul'
CC: exim-users
Subject: RE: [Exim] Relay
Rahul,

> Thanx for your replies.... but there is one more option we
> can have ... I have all the addresses in mysql Db is it
> possible to check from Db and then allow the relay.. and its


If you mean you have a database with fields that include the IP Address
(e.g. 129.2.2.1) of allowed senders, then it is _possible_ to allow sender
relay based on that, although there is still a chance of spoofing (the
sender IP address in an IP packet is _not_ necessarily truly the IP address
of the sender). Moreover, there are many situations when clients don't have
a long-lived IP address, so this might not be a usable solution for you.

If you mean you have database with fields that include the textual name of
the allowed senders (e.g. xyzzy.wibble.org) as the only verification, then
you are at the mercy of the DNS database, as others have said. If a spammer
manufactures a mail and DNS records such that it is an apparently ok sender
then you will relay incorrectly to the detriment of all (including you).

Overall neither method is recommended although using an IP address in the DB
is _slightly_ less insecure.

> not recomended for me to apply smtp Auth ....


Can you explain why, because this next bit:

> because at this time i am using 2 servers one as
> smtp(exim3.x) and another as pop(4.20 with exiscan,
> spamassassin, sa-exim).


does not (a) make much sense to me (exim doesn't do POP) and (b) having two
mail servers is not any kind of bar to using authentication, as far as I
know.

> i wanted to combine both of these
> servers... and more over this machine have got 40 IP's and 40
> different MX records for 40 different domains....


Multiple IP servers are a very common thing and there are many places where
instructions to do it can be found. Exim can be set up for such situations
very easily.

> that's what i am confused about..


I suggest you write us an email and say what the objective is (not what how
you think you might achieve it). E.g. "I have a mail server serving 40 mail
domains. My clients use xxx to connect and it must/must not use yyy. What
should I do next?"


Ruth