Re: [exim] How to relay to more than one authenticated serve…

Pàgina inicial
Delete this message
Reply to this message
Autor: W B Hacker
Data:  
A: exim users
Assumpte: Re: [exim] How to relay to more than one authenticated server?
Donald Craig wrote:

> On 2006-09-16, Magnus Holmgren <holmgren@???> wrote:
>
>
>>As section 33.5 says, you can use $host and $host_address as selectors. But
>>you have to use two expansions, like this (untested):
>>
>> login:
>>    driver       =  plaintext
>>    public_name  =  LOGIN
>>    client_send  =  : ${if eq{$host}{foo.example.com}{FOO_ID}{BAR_ID}} \
>>                    : ${if eq{$host}{foo.example.com}{FOO_PWD}{BAR_PWD}}

>
>
> And that's all very well, but the problem I have is that several
> of the hosts I am relaying to have different actual DNS names than
> the one I use to contact them.
>
> I know the contact name, but if I use that in client authenticator
> expansions it fails to match $host, because $host is rewritten with
> the primary DNS name. As an example, connecting to
> smtp.sbcglobal.yahoo.com
> will yield
> smtp.sbc.mail.yahoo4.akadns.net
> and
> smtp.gmail.com
> will yield
> gmail-smtp.l.google.com
> in $host. And, over time, this can change without notification.
>
> Is it possible to access the hostname I used to connect
> inside the exim client authenticator rules? Is there some
> other way to structure this?
>
> cheers,
> Don Craig
>


What might work (conceptual, not code sample).

A) use a 'warn' verb to determine what the *current* DNS returns for your targets.

B) Save that as an ordinary string, not a hostname.

C) Vet that against a list, or 'map' it to another string if need be.

D) Feed the *string* back into a (modified) version of the above, NOT using the
$host expansion construct. Your objective is to say:

"use this verbatim, it has been checked, no callout / DNS lookup wanted"

- That way the lookup vagaries are 'handled' and adjusted before entering the
selector.

We do something similar with hostnames & IP's when blacklisting/whitelisting.
String match only - no DNS check wanted - we *know* who they are or they
woudldn't be in the list.

HTH,

Bill