Re: [exim] hostlist check failing

Author: Phil Pennock
Date:  
To: Edward Kay
CC: exim-users
Subject: Re: [exim] hostlist check failing
On 2006-02-17 at 10:28 -0000, Edward Kay wrote:
> relay_hosts is a hostlist defined as:
>
>   hostlist relay_hosts = lsearch;/etc/relayhosts : \
>       lsearch;/etc/relayhosts.omniquad : \
>       localhost
>
> The two files /etc/relayhosts.omniquad and /etc/relayhosts contain lists of
> IP addresses, one per line (including 217.158.66.28).
>
> The acl_smtp_rcpt ACL is set in /etc/exim.conf.TESTING as just:
>
> accept hosts = +relay_hosts


That's matching hostnames for the lookup, not IP addresses.

See section 10.12 of the Spec.

Witness:
> >>> check hosts = +relay_hosts
> >>> sender host name required, to match against lsearch;/etc/relayhosts
> >>> looking up host name for 217.158.66.28
> >>> IP address lookup yielded g1.mailwallremote.com
> >>> gethostbyname looked up these IP addresses:
> >>> name=g1.mailwallremote.com address=217.158.66.28
> >>> checking addresses for g1.mailwallremote.com
> >>> 217.158.66.28 OK


So it's found the hostname and confirmed that there's matching forward
DNS as a security measure.

Making another improvement too, so that you can use netblocks in CIDR
notation (a.b.c.d/len) in the files and optimising to check localhost
first before doing file I/O, and also dealing with connections which
appear to come from other IP addresses of the local machine, try:

  hostlist relay_hosts = @[] : \
      net-iplsearch;/etc/relayhosts : \
      net-iplsearch;/etc/relayhosts.omniquad


--
I am keeping international relations on a peaceable footing.
You are biding your time before acting.
He is coddling tyrants.
-- Roger BW on topic of verb conjugation
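
The following is an added example, not part of the original message and not Exim's code: a simplified Python model of why a plain `lsearch` in a host list misses a file of IP addresses while `net-iplsearch` matches it, including CIDR netblocks. The function names, the sample file contents and the `192.0.2.0/24` entry are constructed for illustration; only IPv4 entries are modelled.

```python
import ipaddress

# Constructed sample standing in for /etc/relayhosts (not the poster's real file).
RELAYHOSTS = """\
# relay clients
217.158.66.28
192.0.2.0/24
"""

# Reverse DNS result taken from the debug output quoted in the message.
REVERSE_DNS = {"217.158.66.28": "g1.mailwallremote.com"}


def parse_keys(text):
    """Return the key of each entry: first token on every non-comment line."""
    keys = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        keys.append(line.split()[0].rstrip(":"))
    return keys


def lsearch_match(keys, sender_ip, reverse_dns):
    """Model of lsearch in a host list: the lookup key is the host NAME."""
    name = reverse_dns.get(sender_ip)  # stands in for the verified reverse lookup
    if name is None:
        return False
    return name.lower() in {k.lower() for k in keys}


def net_iplsearch_match(keys, sender_ip):
    """Model of net-iplsearch: the key is the IP; entries are addresses or CIDR blocks."""
    ip = ipaddress.ip_address(sender_ip)
    for key in keys:
        try:
            net = ipaddress.ip_network(key, strict=False)
        except ValueError:
            continue  # entry is not an address or netblock (e.g. a host name)
        if ip in net:
            return True
    return False


if __name__ == "__main__":
    keys = parse_keys(RELAYHOSTS)
    for ip in ("217.158.66.28", "192.0.2.77", "198.51.100.1"):
        print(ip, "lsearch:", lsearch_match(keys, ip, REVERSE_DNS),
              "net-iplsearch:", net_iplsearch_match(keys, ip))
```
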