On Wed, Jun 23, 2004 at 07:28:33PM +0100, Peter McEvoy said:
> On Wed, Jun 23, 2004 at 11:39:02PM +0530, Suresh Ramasubramanian wrote:
> > <quote who="Peter McEvoy">
> > > Tried that, seems to have the negative side effect of making my system
> > > an open relay.
> > How come?
> Have a look at this -
>
> morbo:/etc/exim4# exim -bh 194.46.13.1
> 220 morbo.yerma.org ESMTP Exim 4.30 Wed, 23 Jun 2004 19:16:44 +0100
> mail from: test@???
> 250 OK
> rcpt to: test@???
> >>> using ACL "check_recipient"
> >>> processing "accept"
> >>> check hosts = +auth_relay_hosts
> >>> host in "*"? yes (matched "*")
> >>> host in "+auth_relay_hosts"? yes (matched "+auth_relay_hosts")
> >>> accept: condition test succeeded
> 250 Accepted
That's because you have a
hostlist auth_relay_hosts = *
somewhere. If you need the hostlist, then it should be used for
something, but a hostlist that expands to * doesn't seem helpful for
querying in acl's.
I think what you are trying to do is only relay if authenticated, and
offer auth to all, correct? You want a
accept authenticated = *
early in your acl's, and you want to set up server side auth, so that it
is advertised. I would think that's all you need to do.
--
--------------------------------------------------------------------------
| Stephen Gran | After all, all he did was string |
| steve@??? | together a lot of old, well-known |
| http://www.lobefin.net/~steve | quotations. -- H.L. Mencken, on |
| | Shakespeare |
--------------------------------------------------------------------------