Re: [exim] how to stop exim from reverse lookup check fortru…

Top Page
Delete this message
Reply to this message
Author: KHALID SHAWKAT
Date:  
To: Mark Smith, exim-users
CC: 
Subject: Re: [exim] how to stop exim from reverse lookup check fortrustedIPs...
Hello Mark,


Thank you for your reply and suggestion. I did removed everything from
ACL using WHM's advanced mode and found that the following lines are added
by WHM in the "begin ACL" section - every time I delete them:

------------
#!!# ACL that is used after the RCPT command
check_recipient:
# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
accept hosts = :


  # Accept bounces to lists even if callbacks or other checks would fail
  warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
           condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists 
{/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
                {yes}{no}}


  accept   condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists 
{/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
                {yes}{no}}



  # Accept bounces to lists even if callbacks or other checks would fail
  warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
           condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists 
{/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} 
\
                {yes}{no}}


  accept   condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists 
{/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} 
\
                {yes}{no}}


#if it gets here it isn't mailman

#sender verifications are required for all messages that are not sent to
lists

require verify = sender
accept domains = +local_domains
endpass

#recipient verifications are required for all messages that are not sent
to the local machine
#this was done at multiple users requests

message = "The recipient cannot be verified. Please check all recipients
of this message to verify they are valid."
verify = recipient

accept domains = +relay_domains

  warn  message = ${perl{popbeforesmtpwarn}{$sender_host_name}}
        hosts = +relay_hosts
  accept  hosts = +relay_hosts


  warn  message = ${perl{popbeforesmtpwarn}{$sender_host_address}}
        condition = ${perl{checkrelayhost}{$sender_host_address}}
  accept  condition = ${perl{checkrelayhost}{$sender_host_address}}


  accept  hosts = +auth_relay_hosts
          endpass
          message = $sender_fullhost is currently not permitted to \
                        relay through this server. Perhaps you \
                        have not logged into the pop/imap server in the \
                        last 30 minutes or do not have SMTP Authentication 
turned on in your email client.
          authenticated = *


  deny    message = $sender_fullhost is currently not permitted to \
                        relay through this server. Perhaps you \
                        have not logged into the pop/imap server in the \
                        last 30 minutes or do not have SMTP Authentication 
turned on in your email client.



#!!# ACL that is used after the DATA command
check_message:
require verify = header_sender
accept
------------

I can see the following messages in WHM at the time of saving the file:

-------------
Exim version 4.51 #1 built 18-May-2005 20:36:21
Copyright (c) University of Cambridge 2005
Berkeley DB: Sleepycat Software: Berkeley DB 4.1.25: (February 27, 2004)
Support for: iconv() PAM Perl OpenSSL Content_Scanning Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch dbm dbmnz
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile autoreply pipe smtp
Configuration file is /etc/exim.conf.buildtest
`/etc/exim.conf.buildtest' -> `/etc/exim.conf'

Attempting to restart exim
--------------

It appears that exim.conf.buildtest is overwritting the exim.conf file
every time
I make any changes in the ACL. Anyway, My client still can not send emails
from
his IP even though all the RBL setups are gone.

Now, if I don't delete anything in the ACL section and only remove the
option
"Verify the existance of email senders" then my clients can send emails
from their IP.
I checked that two options are being removed by WHM from exim.conf file.
The
options are (require verify = reverse_host_lookup) & (require verify =
sender). But
with all the surprise, I found that both of the options are there - when I
try to edit them
through WHM's advanced option. I checked them again in SSH and couldn't
find those
options in exim.conf file. Finally, I figured that WHM is displaying the
file
'exim.conf.local' - which contains only the ACL section of exim.conf.

So, if I comment out the two options (require verify = reverse_host_lookup)
&
(require verify = sender) using WHM's advanced editor then they only change
in the
file "exim.conf.local" file and my clients still can't send emails. But if
I disable the option
"Verify the existance of email senders" then it effects exim.conf file and
my clients can
send out emails. Exim can still check hostnames for all incoming emails
since both of
the options are still there in "exim.conf.local" file.

My question is how can I keep both of the options in both files (exim.conf
& exim.conf.local)
and stop exim checking my client's IPs? I have another issue, which is some
of my client's
business partners can not send emails to them even after putting them in
white list. They
are either getting rejected messages because of the failed hostname lookup
or blacklisted
IPs. I was wondering if you can point me to the right direction. I believe
that we made
some progress and probably moving to the right direction.

Thank you once again for all your support...


Khalid




----- Original Message -----
From: "Mark Smith" <exim-users@???>
To: "'KHALID SHAWKAT'" <iquest@???>; <exim-users@???>;
"'SALES'" <sales@???>
Sent: Wednesday, July 13, 2005 11:52 PM
Subject: RE: [exim] how to stop exim from reverse lookup check
fortrustedIPs...


|
| Khalid

|
| Try replacing everything in your ACL section with the contents of the
| attached file, and see whether it makes any difference.

|
| You can test it yourself by going into SSH and typing

|
| exim -bhc 70.156.1.178
| EHLO FALCON
| MAIL FROM: user@???
| RCPT TO: localuser@???
| DATA
| Whatever
| .
| QUIT

|
| - Mark
|