[exim] Relaying and DNS lookups

Author: Paul Walsh
Date:  
To: exim-users@exim.org
New topics: Re: [exim] Relaying and DNS lookups
Subject: [exim] Relaying and DNS lookups

   I've been bitten by this a number of times and wondered if anyone had
   a) done the same, and b) come up with a solution....

   In the configuration file of our outbound mail gateway I have a host
   list relay_hosts of all hosts allowed to relay mail. In the ACL for
   acl_smtp_rcpt I have the following:

     accept  hosts = +relay_hosts
     #
     # If we've got this far it means the source and recipient are outside
     # our control and thus someone is trying to use us as a relay.
     #
     deny    message = relay not permitted

   This is all fine and dandy until the entry for one of the hosts in
   relay_hosts is deleted from DNS.  As Exim works its way through the
   list to verify if a sending host is allowed to relay mail, it hits the
   entry for the now defunct host, tries a forward DNS lookup to get an
   IP address to compare with that of the sending host and, because the
   lookup fails, immediately considers the sending host to not be in the
   list thus causing delivery to fail with the "relay not permitted"
   message.  Unfortunately, any attempt to relay mail by a host in the
   list after the defunct host also results in a "relay not permitted"
   rejection.

   I'm trying to determine if it's possible to have Exim parse the entire
   list, only rejecting if the sending IP address didn't match any of
   those returned by looking up each host, or at the very least flag up
   some sort of warning that the host list contains addresses that can't
   be resolved.

   Thoughts?
-- 
Paul Walsh 


Head of Unix/Linux Systems Services,
Corporate ICT,
Birmingham City University,
City North Campus, Perry Barr,
BIRMINGHAM B42 2SU, UK 
Tel:    +44 (0)121 331 5708
Fax:    +44 (0)121 356 2875
Mobile: +44 (0)7974 150 421
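
Added example, not part of the original post and not Exim code: a Python model of the list walk the message describes, next to the "skip the unresolvable entry and keep going" behaviour it asks for, plus a pre-flight check that flags entries that no longer resolve. It assumes the list holds plain host names only; the host names, addresses and the `sample_resolver` zone are constructed.

```python
import socket

def resolve(name):
    """Return the set of IP addresses for name, or None if the lookup fails."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return None

def unresolvable(hosts, resolver=resolve):
    """Pre-flight check: list entries whose forward lookup fails."""
    return [h for h in hosts if resolver(h) is None]

def host_matches(sender_ip, hosts, resolver=resolve, skip_unknown=False):
    """Walk the list in order, as described in the post.

    skip_unknown=False: the first failed lookup ends the walk with "no match",
    so entries after the defunct host are never consulted.
    skip_unknown=True: a failed lookup is skipped and the walk continues.
    """
    for name in hosts:
        addrs = resolver(name)
        if addrs is None:
            if skip_unknown:
                continue
            return False
        if sender_ip in addrs:
            return True
    return False

# Constructed sample data: "old-gw" has been deleted from the fake zone.
SAMPLE_ZONE = {
    "mail1.example.test": {"192.0.2.10"},
    "mail2.example.test": {"192.0.2.20"},
}
SAMPLE_RELAY_HOSTS = ["mail1.example.test", "old-gw.example.test",
                      "mail2.example.test"]

def sample_resolver(name):
    return SAMPLE_ZONE.get(name)

if __name__ == "__main__":
    print("unresolvable:", unresolvable(SAMPLE_RELAY_HOSTS, sample_resolver))
    for ip in ("192.0.2.10", "192.0.2.20", "203.0.113.5"):
        print(ip,
              host_matches(ip, SAMPLE_RELAY_HOSTS, sample_resolver),
              host_matches(ip, SAMPLE_RELAY_HOSTS, sample_resolver, True))
```

In Exim itself, the host-list item `+ignore_unknown` placed ahead of the names gives the second behaviour for permanent lookup failures. Running `unresolvable()` with the default resolver against the real list from cron is one way to get the warning the post asks for.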