[exim] ldapm; for relay check

Author: Andy Rabagliati
Date:
To: exim-users
Subject: [exim] ldapm; for relay check
Folks,

I have had a long-term problem checking for relay_domains using LDAP.

I gave up a while back, and put my relay_domains in a file.

However, I have recently upgraded exim, and wish to flag that there is
still a problem here. I have cut down on unnecessary stuff, and only
(I hope) present the important info. The -bh log contains everything.

If further information is needed, or other suggested tests, I am happy
to try them.

Cheers,     Andy!


################################
My exim :-

$ exim -bV
Exim version 4.52 #1 built 18-Aug-2005 16:50:39
Copyright (c) University of Cambridge 2005
Berkeley DB: Sleepycat Software: Berkeley DB 4.2.52: (February 22, 2005)
Support for: iconv() PAM
Lookups: lsearch wildlsearch nwildlsearch iplsearch dbm dbmnz dsearch
ldap ldapdn ldapm mysql
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir autoreply pipe smtp
Fixed never_users: 0
Configuration file is /etc/exim.conf

My config :-

################################
# macros :-
domainlist relay_domains = ldapm;ldap::///dc=wizzy,dc=org,dc=za?associatedDomain?one? : \
                           ldapm;ldap::///dc=wcape,dc=school,dc=za?associatedDomain?one? : \
                           ldapm;ldap::///dc=kzn,dc=school,dc=za?associatedDomain?one?


################################
#!!# ACL that is used after the RCPT command
check_recipient:

# deny non-local domains
  deny !domains = +local_domains : +relay_domains
       message = We do not relay


################################
# Example LDAP entry :-

# nansindlela.wizzy.org.za
dn: dc=nansindlela,dc=wizzy,dc=org,dc=za
objectClass: uucpHostClass
objectClass: domainRelatedObject
objectClass: dNSDomain
objectClass: simpleSecurityObject
mXRecord: 20 tsf.wizzy.org.za
mXRecord: 30 smtp.wizzy.org.za
schoolDistrict: KZN
description: Pentium server
dc: nansindlela
uuHost: nansindlela
uuRoute: nansindlela
associatedDomain: nansindlela.wizzy.org.za
userPassword:: bm9temFtbw==

################################
My test (I need hardly say that neither aol.com nor ez.no are anything to do with me)

[root@barn exim]# exim -bh 1.2.3.4

**** SMTP testing session as if from host 1.2.3.4
**** but without any ident (RFC 1413) callback.
**** This is not for real!

>>> host in hosts_connection_nolog? no (option unset)
>>> host in host_lookup? yes (matched "0.0.0.0/0")
>>> looking up host name for 1.2.3.4
>>> IP address lookup using gethostbyaddr()
>>> IP address lookup failed: h_errno=1

LOG: no host name found for IP address 1.2.3.4
>>> host in host_reject_connection? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
>>> host in recipient_unqualified_hosts? no (option unset)
>>> host in helo_verify_hosts? no (option unset)
>>> host in helo_try_verify_hosts? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)

220 barn.wizzy.org.za ESMTP Exim 4.52 Sun, 21 Aug 2005 17:15:45 +0200
EHLO wiz.com
>>> wiz.com in helo_lookup_domains? no (end of list)
>>> host in pipelining_advertise_hosts? yes (matched "*")
>>> host in auth_advertise_hosts? yes (matched "*")

250-barn.wizzy.org.za Hello wiz.com [1.2.3.4]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP
MAIL FROM: <andyr@???>
250 OK
RCPT TO: <andyr@???>
>>> using ACL "check_recipient"
>>> processing "deny"
>>> check local_parts = ^.*[@%!/|] : ^\\.
>>> andyr in "^.*[@%!/|] : ^\."? no (end of list)
>>> deny: condition test failed
>>> processing "accept"
>>> check hosts = :
>>> host in ":"? no (end of list)
>>> accept: condition test failed
>>> processing "accept"
>>> check authenticated = *
>>> accept: condition test failed
>>> processing "deny"
>>> check !domains = +local_domains : +relay_domains
>>> ez.no in "wizzy.org.za : barn.wizzy.org.za"? no (end of list)
>>> ez.no in "ldapm;ldap::///dc=wizzy,dc=org,dc=za?associatedDomain?one? : ldapm;ldap::///dc=wcape,dc=school,dc=za?associatedDomain?one? : ldapm;ldap::///dc=kzn,dc=school,dc=za?associatedDomain?one?"? yes ( matched "ldapm;ldap:///dc=wizzy,dc=org,dc=za?associatedDomain?one?")
>>> ez.no in "+local_domains : +relay_domains"? yes (matched "+relay_domains")
>>> deny: condition test failed
>>> processing "accept"
>>> check senders = : postmaster
>>> aol.com in ""? no (end of list)
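
An added example, not part of the original post or of Exim: a small Python check that scans `exim -bh` output for the situation visible in the trace above, where a tested domain matches a query-style lookup item whose query text never mentions that domain. The function name, the heuristic and the last sample line are assumptions made for illustration.

```python
import re

# Query-style lookup types from the "Lookups:" line of the post's `exim -bV`.
QUERY_LOOKUPS = {"ldap", "ldapdn", "ldapm", "mysql"}

# A positive list match in `exim -bh` output:
#   >>> <subject> in "<list>"? yes (matched "<item>")
MATCH_RE = re.compile(r'^>>> (\S+) in ".*"\? yes \(\s*matched "(.*)"\)\s*$')


def unkeyed_lookup_matches(trace):
    """Return (subject, item) pairs where a query-style lookup item matched
    although its query never mentions the value being tested."""
    findings = []
    for line in trace.splitlines():
        m = MATCH_RE.match(line.strip())
        if not m:
            continue
        subject, item = m.groups()
        lookup_type, sep, query = item.partition(";")
        if not sep or lookup_type not in QUERY_LOOKUPS:
            continue  # named list, IP pattern or plain string: not a query
        # Heuristic: a keyed query carries the tested value (or an unexpanded
        # $domain) somewhere in its text; one that carries neither returns
        # the same data for every domain.
        if subject.lower() in query.lower() or "$domain" in query:
            continue
        findings.append((subject, item))
    return findings


# The first four lines are copied from the post's trace; the last one is
# constructed to show what a query filtered on the domain might look like.
SAMPLE_TRACE = r'''
>>> host in host_lookup? yes (matched "0.0.0.0/0")
>>> ez.no in "wizzy.org.za : barn.wizzy.org.za"? no (end of list)
>>> ez.no in "ldapm;ldap::///dc=wizzy,dc=org,dc=za?associatedDomain?one? : ldapm;ldap::///dc=wcape,dc=school,dc=za?associatedDomain?one? : ldapm;ldap::///dc=kzn,dc=school,dc=za?associatedDomain?one?"? yes ( matched "ldapm;ldap:///dc=wizzy,dc=org,dc=za?associatedDomain?one?")
>>> ez.no in "+local_domains : +relay_domains"? yes (matched "+relay_domains")
>>> nansindlela.wizzy.org.za in "ldapm;ldap::///dc=wizzy,dc=org,dc=za?associatedDomain?one?(associatedDomain=nansindlela.wizzy.org.za)"? yes (matched "ldapm;ldap:///dc=wizzy,dc=org,dc=za?associatedDomain?one?(associatedDomain=nansindlela.wizzy.org.za)")
'''

if __name__ == "__main__":
    for subject, item in unkeyed_lookup_matches(SAMPLE_TRACE):
        print(f"{subject}: matched unkeyed lookup {item}")
```

In a domain list Exim treats a query-style item as matched whenever the lookup returns data, so a query with no reference to `$domain` (for instance through an LDAP filter built with `${quote_ldap:$domain}`) is worth reviewing wherever the list gates relaying.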