RE: [exim] how to stop exim from reverse lookup check for tr…

Top Page
Delete this message
Reply to this message
Author: Mark Smith
Date:  
To: exim-users
Subject: RE: [exim] how to stop exim from reverse lookup check for trustedIPs...


> -----Original Message-----
> From: KHALID SHAWKAT [mailto:iquest@bellsouth.net]
> Sent: 14 July 2005 04:59
> To: Mark Smith; exim-users@???
> Subject: Re: [exim] how to stop exim from reverse lookup
> check for trustedIPs...
>
> Thank you Mark. I did comment out the line "require verify
> reverse_host_lookup" and move "!authenticated = *" just after
> "local_parts = postmaster:abuse" but still the result is
> same. Yes, my clients has been trying to use my mail server
> and they can send mail comfortably using a different ISP.
> None of them can send email with their own ISPs and the IP
> addresses of those ISPs does not have any PTR record or 'A'
> record in PTR.
> They both can send emails though - if I disable the option
> "Verify the existance of email senders" from WHM/cPanel. Some
> of their partners can not send email even though they are in
> the whitelist. I checked that the guys, who can not send
> email have some issues with PTR record. I think that the
> problem is with that WHM option since I tried with default
> exim config setup with the same result. Do you've any
> suggestion how to make these IPs in a trusted list even
> before the option (Verify the existance of email senders)
> start checking for rDNS?


I find this rather strange, as I actually copied your exim.conf and tried
running it with the IPs you listed. The place where they got rejected was at
the reverse lookup, and after taking that out, both IPs were accepted.

As far as I know, the only thing WHM's "Verify the existence of email
senders" option does is to add "require verify = sender" to the RCPT ACL and
"require verify = header_sender" to the DATA ACL, and your users are being
rejected before Exim even gets to those points.

You shouldn't need to put local users in a trusted list. You need to have an
"accept authenticated = *" line in the RCPT ACL that comes before you do all
the RBL and lookup tests.

I don't understand what this stanza is supposed to achieve:

accept
domains = +local_domains
local_parts = postmaster:abuse
!hosts = @[]
!authenticated = *

Why do you not want to accept mail to postmaster from authenticated users?

- Mark