Re: [Exim] Can't send mail; not seeing the problem

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Giuliano Gavazzi
Datum:  
To: Mike Oliveri, exim-users
Betreff: Re: [Exim] Can't send mail; not seeing the problem
At 7:11 am -0500 2004/05/23, Mike Oliveri wrote:
>Hello,
>
>I've just spent the night upgrading a FreeBSD server and moving from
>Exim 3.36 to 4.22. I can send mail from Pine logged in to the machine
>directly, but if I try to send from any client, I run afoul of my
>acl_smtp_rcpt somehow. For the most part I've returned it to the
>default setup, and tried killing the recipient verifications to see if
>that's the problem. Here's my ACL (guiding comments, etc., trimmed):
>
>acl_check_rcpt:
>   accept  hosts = :
>   deny    local_parts   = ^.*[@%!/|] : ^\\.
>   accept  local_parts   = postmaster


     ^^^^^^^^^^^^^^^^^^ open relay for postmaster@anydomain
you must add domains = +local_domains (or whatever list you use for
the local domains)



>   # Deny our own blacklisted domains
>   # deny        domains = +deny_domains   #tried this both enabled
>and disabled


what is this? domains applies to the recipient domain, so why would
you deny certain recipien domains?

>   # require verify        = sender   #tried this enabled and disabled
>   accept  domains       = +local_domains
>   #       endpass
>   #       verify        = recipient/callout=10s
>   accept  domains       = +relay_to_domains
>   #        endpass
>   #        verify        = recipient


ugh! why don't you verify the recipient??

   accept  domains       = +local_domains
           endpass
           message       = unknown user
           verify        = recipient


is the standard for local domains. You use callout only for non local ones.

>  accept  hosts         = +relay_from_hosts
>  accept  authenticated = *
>  deny    message       = relaying and spam not permitted

>
>I get the "relaying and spam not permitted" message, so I figure it
>has to be the ACL and I'm too tired to see what I'm missing.


of course it is not the acl. You would not get to the last deny if it
was denied earlier. The only accepts that should work in this case
are the +relay_from_hosts or the authenticated one. So I presume your
faililng hosts are not in the list of relay hosts and they attempt to
authenticate but fail.

>local_domains is a file (domainlist local_domains = /etc/sendmail.cw)
>containing a plain list of local domains. relay_from_hosts is the same
>list of hosts I copied over from the previous setup, and is a
>colon-delimited list of host names and IP addresses. There are no
>relay_from_hosts defined. I've tried deny_domains enabled and disabled


you definitely must be tired. Is relay_from_hosts empty or not then?

>as mentioned, but it, too, is a simple list of domains I pulled from a
>spammer list somewhere. The files are owned by root but are


as I said deny_domains is not acting as you think.

>world-readable.
>
>Again, I suspect I'm too tired or I just missed something in the book.
>Any help would be greatly appreciated.


have a sleep, get some coffee and look at your authentication (that
is probably not happening) or at your relay_from_hosts list.

Giuliano