Re: [exim] Exim 4 / Cpanel and Domain Literals

Top Page
Delete this message
Reply to this message
Author: Bill Hacker
Date:  
To: Exim-users
CC: 
Subject: Re: [exim] Exim 4 / Cpanel and Domain Literals
Dave Topping (mail@???) wrote:

> I'm currently running Exim 4 on WHM 10.0.0 cPanel 10.0.0-C84
> RedHat Enterprise 3 i686 - WHM X v3.1.0
>
>     quote:The exim.conf file contains the following directive and comment:
>     # If you want to accept mail addressed to your host's literal IP
> address, for
>     # example, mail addressed to "user@???", then uncomment the
>     # following line, or supply the literal domain(s) as part of
> "local_domains"
>     # above.

>
>     # local_domains_include_host_literals

>
>
> When I uncomment the above line and restart exim (service exim restart), I
> receive the following error:
>
>     quote:
>     Exim configuration error in line 130 of /etc/exim.conf:
>     main option "local_domains_include_host_literals" unknown

>
>
>
> Does this mean I can't do this?
>
> If so, it's a clear breach of RFC1123 5.2.17:
>
> From:
> http://www.freesoft.org/CIE/RFC/1123/102.htm
>
>     quote:5.2.17 Domain Literals: RFC-822 Section 6.2.3

>
>     A mailer MUST be able to accept and parse an Internet domain literal
> whose content ("dtext"; see RFC-822) is a dotted- decimal host
> address. This satisfies the requirement of Section 2.1 for the case of
> mail.

>
>     An SMTP MUST accept and recognize a domain literal for any of its own
> IP addresses

>
> How can I manually override this?
>


Haven't a clue what cpanel is, does, doesn't do, you may have to 'map'
this to it:

The relevant entries in a 'proper' Exim configure file are a set.
Both must be set to handle domain literals (or NOT).

In 'main' - the section prior to the acl's, default commented out:

#allow_domain_literals

IF you uncomment that, then you must also uncomment, in the matching
router (first one in a configure.default example):

# domain_literal:
# driver = ipliteral
# domains = ! +local_domains
# transport = remote_smtp

The RFC is just what is says it is: A 'Request For Comment'. Most
Internet 'standards' are a consensus - or not.

Most sysadmins no longer see merit in use of domain literals vis
possible abuse/exploits, and do not enable them.
YMMV.

FWIW, In our shop we enable them for testing boxes not yet ready to
take-on the 'normal' <domain>.<tld> load from an older box, then shut
them off when going 'live'. In this role, ability to work with a 'raw'
IP is most helpful.

HTH,

Bill Hacker