At 7:11 am -0500 2004/05/23, Mike Oliveri wrote:
>Hello,
>
>I've just spent the night upgrading a FreeBSD server and moving from
>Exim 3.36 to 4.22. I can send mail from Pine logged in to the machine
>directly, but if I try to send from any client, I run afoul of my
>acl_smtp_rcpt somehow. For the most part I've returned it to the
>default setup, and tried killing the recipient verifications to see if
>that's the problem. Here's my ACL (guiding comments, etc., trimmed):
>
>acl_check_rcpt:
> accept hosts = :
> deny local_parts = ^.*[@%!/|] : ^\\.
> accept local_parts = postmaster
^^^^^^^^^^^^^^^^^^ open relay for postmaster@anydomain
you must add domains = +local_domains (or whatever list you use for
the local domains)
> # Deny our own blacklisted domains
> # deny domains = +deny_domains #tried this both enabled
>and disabled
what is this? domains applies to the recipient domain, so why would
you deny certain recipien domains?
> # require verify = sender #tried this enabled and disabled
> accept domains = +local_domains
> # endpass
> # verify = recipient/callout=10s
> accept domains = +relay_to_domains
> # endpass
> # verify = recipient
ugh! why don't you verify the recipient??
accept domains = +local_domains
endpass
message = unknown user
verify = recipient
is the standard for local domains. You use callout only for non local ones.
> accept hosts = +relay_from_hosts
> accept authenticated = *
> deny message = relaying and spam not permitted
>
>I get the "relaying and spam not permitted" message, so I figure it
>has to be the ACL and I'm too tired to see what I'm missing.
of course it is not the acl. You would not get to the last deny if it
was denied earlier. The only accepts that should work in this case
are the +relay_from_hosts or the authenticated one. So I presume your
faililng hosts are not in the list of relay hosts and they attempt to
authenticate but fail.
>local_domains is a file (domainlist local_domains = /etc/sendmail.cw)
>containing a plain list of local domains. relay_from_hosts is the same
>list of hosts I copied over from the previous setup, and is a
>colon-delimited list of host names and IP addresses. There are no
>relay_from_hosts defined. I've tried deny_domains enabled and disabled
you definitely must be tired. Is relay_from_hosts empty or not then?
>as mentioned, but it, too, is a simple list of domains I pulled from a
>spammer list somewhere. The files are owned by root but are
as I said deny_domains is not acting as you think.
>world-readable.
>
>Again, I suspect I'm too tired or I just missed something in the book.
>Any help would be greatly appreciated.
have a sleep, get some coffee and look at your authentication (that
is probably not happening) or at your relay_from_hosts list.
Giuliano
