Re: [exim] authentication / relay

Top Page
Delete this message
Reply to this message
Author: Seth Dillingham
Date:  
To: Exim Users, Seth Dillingham
Subject: Re: [exim] authentication / relay
On Thu, Apr 28, 2011 at 2:24 PM, Dave Evans <exim-users-20081202@???
> wrote:


> Please read http://wiki.exim.org/DontObfuscate then re-post with more
> details
> - I suspect that the key information is in your logs, but you've edited it
> away when posting, which makes it hard for us to help you.
>


Here's the same as my first try, but de-obfuscated. My apologies!

I'm running exim 4.72 to service a small number of users (less than 50) and
to relay mail from a few groupware apps running on one particular machine (
samson.free-conversant.com).

Samson sends email 'from' quite a few different addresses. It can have any
number of group projects, and each group project has a name, and the names
become part of a cluster of associated email accounts, such as "
project1-site@???" and "project1-calendar@???" and "
project1-subscribe@???".

I have samson's FQDN, ip address, and the verizon-generated FQDN for the
public ip address (see below) all added to my relay-from-hosts file, which
then looks something like this:

74.103.212.3
static-74-103-212-3.prvdri.fios.verizon.net
samson.free-conversant.com

The problem I'm having is that mail from samson is being rejected with
verification errors. I thought I had exim configured to relay from samson
correctly, but I've obviously done something wrong.

I'm a n00b. Not going to pretend I know what's wrong. Here's an example
rejection, from my mainlog:

2011-04-25 11:55:27 H=static-74-103-212-3.prvdri.fios.verizon.net (
samson.free-conversant.com) [74.103.212.3] sender verify fail for <
officesite.officeinsight-confirm@???>: Unknown user

2011-04-25 11:55:27 H=static-74-103-212-3.prvdri.fios.verizon.net (
samson.free-conversant.com) [74.103.212.3] F=<
officesite.officeinsight-confirm@???> rejected RCPT <
primages@???>: Sender verify failed

My exim.cf has this:

Under the Main Configuration Settings:

hostlist relay_from_hosts = lsearch;/etc/exim/relay-from-hosts


my acl_check_rcpt contains (among lots of other things):

acl_check_rcpt:

  accept  hosts = :
          control = dkim_disable_verify


  deny    message       = Restricted characters in address
          domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]


  deny    message       = Restricted characters in address
          domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./


  deny    condition     = ${if eq {$sender_address_local_part}{postmaster} \
                          {true}{false}}
          sender_domains = +local_domains


  deny    condition     = ${if eq {$sender_address_local_part}{nobody} \
                          {true}{false}}
          sender_domains = +local_domains


  accept  local_parts   = postmaster
          domains       = +local_domains


  require verify        = sender


  accept  hosts         = +relay_from_hosts
          control       = submission
          control       = dkim_disable_verify


  accept  authenticated = *
          control       = submission/sender_retain
          control       = dkim_disable_verify
          add_header    = X-Authenticated-Sender: ${sender_address}


  require message = relay not permitted
          domains = +local_domains : +relay_to_domains


require verify = recipient

accept

(Sorry if this is hard to follow.)

Can anyone help me figure this out?

Seth