Re: [exim] ldapm; for relay check

Author: Andy Rabagliati
Date:  
To: exim-users
Subject: Re: [exim] ldapm; for relay check
On Mon, 22 Aug 2005, Tony Finch wrote:

> On Sun, 21 Aug 2005, Andy Rabagliati wrote:
> >
> > [root@barn exim]# exim -bh 1.2.3.4
>
> Try running this with -d+expand so we can see what Exim is getting back
> from the LDAP lookup.


I have flattened my LDAP schema, and the macro now looks like :-

#####################################################
domainlist relay_domains = ldapm;ldap::///ou=wizzy?associatedDomain?one?

against the same acl of

#####################################################
# deny non-local domains
  deny !domains = +local_domains : +relay_domains
         message = We do not relay


with an example directory entry looking like

# nansindlela, wizzy
dn: dc=nansindlela,ou=wizzy
objectClass: uucpHostClass
objectClass: domainRelatedObject
objectClass: dNSDomain
objectClass: simpleSecurityObject
mXRecord: 20 tsf.wizzy.org.za
mXRecord: 30 smtp.wizzy.org.za
schoolDistrict: KZN
description: Pentium server
dc: nansindlela
uuHost: nansindlela
uuRoute: nansindlela
associatedDomain: nansindlela.wizzy.org.za
userPassword:: bm9tezFtbw==

# /usr/sbin/exim -C /tmp/exim.conf -bh 1.2.3.4 -d+expand 2> exim.out

yields the following output. I didn't delete anything before the match.

Thanks very much for your help.

Cheers,    Andy!


#####################################################

Exim version 4.52 uid=0 gid=0 pid=27680 D=fbb95dfd
Berkeley DB: Sleepycat Software: Berkeley DB 4.2.52: (February 22, 2005)
Support for: iconv() PAM
Lookups: lsearch wildlsearch nwildlsearch iplsearch dbm dbmnz dsearch ldap ldapdn ldapm mysql
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir autoreply pipe smtp
Fixed never_users: 0
changed uid/gid: forcing real = effective
uid=0 gid=0 pid=27680
auxiliary group list: <none>
configuration file is /tmp/exim.conf
log selectors = 00000ffc 00020800
trusted user
admin user
changed uid/gid: privilege not needed
uid=93 gid=93 pid=27680
auxiliary group list: <none>
finduser used cached passwd data for uucp
originator: uid=0 gid=0 login=root name=root
sender address = root@???
sender_fullhost = [1.2.3.4]
sender_rcvhost = [1.2.3.4]
host in hosts_connection_nolog? no (option unset)
LOG: smtp_connection MAIN
SMTP connection from [1.2.3.4]
host in host_lookup? yes (matched "0.0.0.0/0")
looking up host name for 1.2.3.4
DNS lookup of 4.3.2.1.in-addr.arpa (PTR) gave HOST_NOT_FOUND
returning DNS_NOMATCH
IP address lookup using gethostbyaddr()
IP address lookup failed: h_errno=1
LOG: host_lookup_failed MAIN
no host name found for IP address 1.2.3.4
sender_fullhost = [1.2.3.4]
sender_rcvhost = [1.2.3.4]
set_process_info: 27680 handling incoming connection from [1.2.3.4]
host in host_reject_connection? no (option unset)
host in sender_unqualified_hosts? no (option unset)
host in recipient_unqualified_hosts? no (option unset)
host in helo_verify_hosts? no (option unset)
host in helo_try_verify_hosts? no (option unset)
host in helo_accept_junk_hosts? no (option unset)
expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
result: barn.wizzy.org.za ESMTP Exim 4.52 Mon, 22 Aug 2005 16:14:26 +0200
SMTP>> 220 barn.wizzy.org.za ESMTP Exim 4.52 Mon, 22 Aug 2005 16:14:26 +0200

smtp_setup_msg entered
SMTP<< EHLO wizzy.com
wizzy.com in helo_lookup_domains? no (end of list)
sender_fullhost = (wizzy.com) [1.2.3.4]
sender_rcvhost = [1.2.3.4] (helo=wizzy.com)
set_process_info: 27680 handling incoming connection from (wizzy.com) [1.2.3.4]
host in pipelining_advertise_hosts? yes (matched "*")
host in auth_advertise_hosts? yes (matched "*")
SMTP>> 250-barn.wizzy.org.za Hello wizzy.com [1.2.3.4]

250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP
SMTP<< MAIL FROM: <andyr@???>
SMTP>> 250 OK

SMTP<< RCPT TO: <andyr@???>
using ACL "check_recipient"
processing "deny"
check local_parts = ^.*[@%!/|] : ^\\.
expanding: ^.*[@%!/|] : ^\\.
result: ^.*[@%!/|] : ^\.
andyr in "^.*[@%!/|] : ^\."? no (end of list)
deny: condition test failed
processing "accept"
check hosts = :
host in ":"? no (end of list)
accept: condition test failed
processing "accept"
check authenticated = *
accept: condition test failed
processing "deny"
check !domains = +local_domains : +relay_domains
ez.no in "wizzy.org.za : barn.wizzy.org.za"? no (end of list)
search_open: ldapm "NULL"
search_find: file="NULL"
key="ldap:///ou=wizzy?associatedDomain?one?" partial=-1 affix=NULL starflags=0
LRU list:
internal_search_find: file="NULL"
type=ldapm key="ldap:///ou=wizzy?associatedDomain?one?"
database lookup required for ldap:///ou=wizzy?associatedDomain?one?
LDAP parameters: user=NULL pass=NULL size=0 time=0 connect=0 dereference=0
perform_ldap_search: ldapm URL = "ldap:///ou=wizzy?associatedDomain?one?" server=NULL port=0 sizelimit=0 timelimit=0 tcplimit=0
after ldap_url_parse: host=NULL port=389
ldap_initialize with URL ldap://:389/
initialized for LDAP (v3) server NULL:389
LDAP_OPT_X_TLS_TRY set
binding with user=NULL password=NULL
Start search
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:atlantis-skills.wcape.school.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:blps.wcape.school.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:windps.wcape.school.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:pvps.wcape.school.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:ppp.wcape.school.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:spurwing.wcape.school.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:alice.wcape.school.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:bunkhouse.wizzy.org.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:nooitgedacht.wizzy.org.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:nansindlela.wizzy.org.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:barn.wizzy.org.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:gratton.wizzy.org.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:esjnr.wizzy.org.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:esangweni.wizzy.org.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:eshigh.wizzy.org.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:eshowe.wizzy.org.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:zibonele.wizzy.org.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:westendps.wizzy.org.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:gsps.wizzy.org.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:lavender.wizzy.org.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:pwcfa.com
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:eshowe.com
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:megabook.wizzy.org.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:tsf.wizzy.org.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:kidzkorner.wizzy.org.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:smtp.wizzy.org.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:www.wizzy.org.za
LDAP attr loop associatedDomain:admin.wizzy.org.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:southgate.wizzy.org.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:merryall.wizzy.org.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:camptown.wizzy.org.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:newprov.wizzy.org.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:wangu.wizzy.org.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:eshowehigh.kzn.school.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:big.wizzy.org.za
ldap_result loop
LDAP entry loop
LDAP attr loop associatedDomain:little.wizzy.org.za
search ended by ldap_result yielding 101
ldap_parse_result: 0
ldap_parse_result yielded 0: Success
LDAP search: returning: atlantis-skills.wcape.school.za
blps.wcape.school.za
windps.wcape.school.za
pvps.wcape.school.za
ppp.wcape.school.za
spurwing.wcape.school.za
alice.wcape.school.za
bunkhouse.wizzy.org.za
nooitgedacht.wizzy.org.za
nansindlela.wizzy.org.za
barn.wizzy.org.za
gratton.wizzy.org.za
esjnr.wizzy.org.za
esangweni.wizzy.org.za
eshigh.wizzy.org.za
eshowe.wizzy.org.za
zibonele.wizzy.org.za
westendps.wizzy.org.za
gsps.wizzy.org.za
lavender.wizzy.org.za
pwcfa.com
eshowe.com
megabook.wizzy.org.za
tsf.wizzy.org.za
kidzkorner.wizzy.org.za
smtp.wizzy.org.za
www.wizzy.org.za, admin.wizzy.org.za
southgate.wizzy.org.za
merryall.wizzy.org.za
camptown.wizzy.org.za
newprov.wizzy.org.za
wangu.wizzy.org.za
eshowehigh.kzn.school.za
big.wizzy.org.za
little.wizzy.org.za
lookup yielded: atlantis-skills.wcape.school.za
blps.wcape.school.za
windps.wcape.school.za
pvps.wcape.school.za
ppp.wcape.school.za
spurwing.wcape.school.za
alice.wcape.school.za
bunkhouse.wizzy.org.za
nooitgedacht.wizzy.org.za
nansindlela.wizzy.org.za
barn.wizzy.org.za
gratton.wizzy.org.za
esjnr.wizzy.org.za
esangweni.wizzy.org.za
eshigh.wizzy.org.za
eshowe.wizzy.org.za
zibonele.wizzy.org.za
westendps.wizzy.org.za
gsps.wizzy.org.za
lavender.wizzy.org.za
pwcfa.com
eshowe.com
megabook.wizzy.org.za
tsf.wizzy.org.za
kidzkorner.wizzy.org.za
smtp.wizzy.org.za
www.wizzy.org.za, admin.wizzy.org.za
southgate.wizzy.org.za
merryall.wizzy.org.za
camptown.wizzy.org.za
newprov.wizzy.org.za
wangu.wizzy.org.za
eshowehigh.kzn.school.za
big.wizzy.org.za
little.wizzy.org.za
ez.no in "ldapm;ldap::///ou=wizzy?associatedDomain?one?"? yes (matched "ldapm;ldap:///ou=wizzy?associatedDomain?one?")
data from lookup saved for cache for +relay_domains: atlantis-skills.wcape.school.za
blps.wcape.school.za
windps.wcape.school.za
pvps.wcape.school.za
ppp.wcape.school.za

[ ... ] rest deleted
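
Added example, not part of the original post: a Python check over `exim -bh ... -d+expand` output that flags what the end of the log above shows, `ez.no` reported as matching the `ldapm` item although it is not among the returned `associatedDomain` values (Exim treats a query-style item in a domain list as matched when the query returns data). The function names and the two sample strings are constructed for illustration.

```python
import re

# Query-style lookup types listed in the "Lookups:" banner of the posted log.
QUERY_STYLE = {"ldap", "ldapdn", "ldapm", "mysql"}
YIELD = "lookup yielded: "
# e.g.  ez.no in "<list>"? yes (matched "<item>")
RESULT = re.compile(r'^(\S+) in ".*"\? (yes|no)(?: \(matched "(.*)"\))?')

def split_values(text):
    """Lookup data arrives one value per line, or comma-separated."""
    return {v.strip().lower() for v in text.split(",") if v.strip()}

def audit(debug_text):
    """Return (domain, item) pairs where a query-style list item matched a
    domain that is absent from the data the lookup had just returned."""
    findings, yielded, collecting = [], set(), False
    for line in debug_text.splitlines():
        result = RESULT.match(line)
        if line.startswith(YIELD):
            yielded, collecting = split_values(line[len(YIELD):]), True
        elif result:
            collecting = False
            domain, verdict, item = result.groups()
            lookup_type = (item or "").split(";", 1)[0].strip()
            # Only judge a match when the lookup data was printed just before it.
            if (verdict == "yes" and lookup_type in QUERY_STYLE
                    and yielded and domain.lower() not in yielded):
                findings.append((domain, item))
            yielded = set()
        elif collecting:
            yielded |= split_values(line)
    return findings

# Constructed sample: the posted log cut down to four returned values.
POSTED = '''lookup yielded: atlantis-skills.wcape.school.za
nansindlela.wizzy.org.za
www.wizzy.org.za, admin.wizzy.org.za
ez.no in "ldapm;ldap::///ou=wizzy?associatedDomain?one?"? yes (matched "ldapm;ldap:///ou=wizzy?associatedDomain?one?")'''

# Constructed contrast: the tested domain is among the returned data.
LISTED = '''lookup yielded: nansindlela.wizzy.org.za
nansindlela.wizzy.org.za in "ldapm;ldap::///ou=wizzy?associatedDomain?one?"? yes (matched "ldapm;ldap:///ou=wizzy?associatedDomain?one?")'''

if __name__ == "__main__":
    for domain, item in audit(POSTED) + audit(LISTED):
        print(f"{domain} matched {item} but was not in the lookup data")
```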