Re: [Exim] authenticated hosts + sbl-xbl

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Peter McEvoy
Datum:  
To: exim-users
Betreff: Re: [Exim] authenticated hosts + sbl-xbl
On Wed, Jun 23, 2004 at 11:39:02PM +0530, Suresh Ramasubramanian wrote:
> <quote who="Peter McEvoy">
> > On Wed, Jun 23, 2004 at 09:49:35AM -0400, Stephen Gran wrote:
> >
> >> Move the accept hosts = +auth_relay_hosts acl to the first place - that
> >> will skip the other checks if they authenticate.
> >
> > Tried that, seems to have the negative side effect of making my system
> > an open relay.
>
> How come?


Have a look at this -

morbo:/etc/exim4# exim -bh 194.46.13.1

**** SMTP testing session as if from host 194.46.13.1
**** but without any ident (RFC 1413) callback.
**** This is not for real!

>>> host in host_lookup? yes (matched "*")
>>> looking up host name for 194.46.13.1
>>> IP address lookup yielded fal.thegap.com
>>> gethostbyname2 looked up these IP addresses:
>>> name=fal.thegap.com address=194.46.13.1
>>> checking addresses for fal.thegap.com
>>> 194.46.13.1 OK
>>> host in host_reject_connection? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
>>> host in recipient_unqualified_hosts? no (option unset)
>>> host in helo_verify_hosts? no (option unset)
>>> host in helo_try_verify_hosts? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)

220 morbo.yerma.org ESMTP Exim 4.30 Wed, 23 Jun 2004 19:16:44 +0100
mail from: test@???
250 OK
rcpt to: test@???
>>> using ACL "check_recipient"
>>> processing "accept"
>>> check hosts = +auth_relay_hosts
>>> host in "*"? yes (matched "*")
>>> host in "+auth_relay_hosts"? yes (matched "+auth_relay_hosts")
>>> accept: condition test succeeded

250 Accepted
data
354 Enter message, ending with "." on a line by itself
test
.
>>> host in ignore_fromline_hosts? no (option unset)
>>> test.com in "yerma.org"? no (end of list)
>>> test@??? in "*@yerma.org"? no (end of list)
>>> using ACL "acl_check_data"
>>> processing "deny"
>>> check demime = *
>>> check condition = ${if >{$demime_errorlevel}{2}{1}{0}}
>>>                 = 0
>>> deny: condition test failed
>>> processing "deny"
>>> check demime = bat:pif:exe:scr:prf:vbs
>>> deny: condition test failed
>>> processing "warn"
>>> check spam = nobody
>>> warn: condition test failed
>>> processing "warn"
>>> check spam = nobody
>>> warn: condition test failed
>>> processing "warn"
>>> check spam = nobody
>>> warn: condition test failed
>>> processing "deny"
>>> check spam = nobody:true
>>> check condition = ${if >{$spam_score_int}{70}{1}{0}}
>>>                 = 0
>>> deny: condition test failed
>>> processing "deny"
>>> check demime = *
>>> check malware = *
>>> deny: condition test failed
>>> processing "accept"
>>> accept: condition test succeeded

LOG: 1BdCJd-0005KC-QM <= test@??? H=fal.thegap.com [194.46.13.1]
P=smtp S=181
250 OK id=1BdCJd-0005KC-QM

**** SMTP testing: that is not a real message id!


Even though the host isnt authenticated, or even trying to use
authentication, it still accepts it.

--
Pete