On 2006-02-17 at 10:28 -0000, Edward Kay wrote:
> relay_hosts is a hostlist defined as:
>
> hostlist relay_hosts = lsearch;/etc/relayhosts : \
> lsearch;/etc/relayhosts.omniquad : \
> localhost
>
> The two files /etc/relayhosts.omniquad and /etc/relayhosts contain lists of
> IP addresses, one per line (including 217.158.66.28).
>
> The acl_smtp_rcpt ACL is set in /etc/exim.conf.TESTING as just:
>
> accept hosts = +relay_hosts

That's matching hostnames for the lookup, not IP addresses.
See section 10.12 of the Spec.

Witness:

> >>> check hosts = +relay_hosts
> >>> sender host name required, to match against lsearch;/etc/relayhosts
> >>> looking up host name for 217.158.66.28
> >>> IP address lookup yielded g1.mailwallremote.com
> >>> gethostbyname looked up these IP addresses:
> >>> name=g1.mailwallremote.com address=217.158.66.28
> >>> checking addresses for g1.mailwallremote.com
> >>> 217.158.66.28 OK

So it's found the hostname and confirmed that there's matching forward
DNS as a security measure.

Making another improvement too, so that you can use netblocks in CIDR
notation (a.b.c.d/len) in the files and optimising to check localhost
first before doing file I/O, and also dealing with connections which
appear to come from other IP addresses of the local machine, try:

  hostlist relay_hosts = @[] : \
                         net-iplsearch;/etc/relayhosts : \
                         net-iplsearch;/etc/relayhosts.omniquad

--
I am keeping international relations on a peaceable footing.
You are biding your time before acting.
He is coddling tyrants.
-- Roger BW on topic of verb conjugation
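
A simplified Python model of the two lookup styles discussed in this message, added here as an example; it is not part of the original post and not Exim's code. It shows why a file of IP addresses never matches when the lookup key is the host name, and how keying on the IP address admits CIDR entries. The function names and the 192.0.2.0/24 entry are constructed for illustration; DNS and the `@[]` item are not modelled.

```python
import ipaddress

# Constructed sample relay file: the address from the thread plus a
# documentation netblock in CIDR notation.
RELAYHOSTS = """\
# relay clients, one per line
217.158.66.28
192.0.2.0/24
"""

def file_keys(text):
    """Return the key (first token) of each non-blank, non-comment line."""
    keys = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            keys.append(line.split()[0])
    return keys

def lsearch_by_name(text, host_name):
    """Model of 'lsearch;file' in a host list: the key is the host NAME."""
    wanted = host_name.lower()
    for key in file_keys(text):
        if key.lower() == wanted:
            return key
    return None

def net_iplsearch(text, host_ip):
    """Model of 'net-iplsearch;file': the key is the host IP address, and
    file entries may be single addresses or netblocks. First match wins."""
    addr = ipaddress.ip_address(host_ip)
    for key in file_keys(text):
        try:
            net = ipaddress.ip_network(key, strict=False)
        except ValueError:
            continue  # entry is not an address or netblock
        if addr in net:
            return key
    return None

if __name__ == "__main__":
    # Name-keyed lookup against a file of addresses: no match.
    print(lsearch_by_name(RELAYHOSTS, "g1.mailwallremote.com"))
    # Address-keyed lookups: exact entry, netblock entry, and a miss.
    for ip in ("217.158.66.28", "192.0.2.77", "198.51.100.1"):
        print(ip, "->", net_iplsearch(RELAYHOSTS, ip))
```

When reviewing a real relay file the same way, a very short prefix length in an entry is worth a second look, since every address inside that netblock is allowed to relay.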