Ok,
I hope I understand it correctly. Here are the relevant
parts (I hope) of my config:

#MAIN
hostlist relay_from_hosts = 127.0.0.1 : 192.168.4.0/24 : 192.168.10.0/24
hostlist friends_with_broken_mx = /etc/exim/friends_with_broken_mx
...
helo_try_verify_hosts = *
...
#ACL
acl_check_rcpt:
  accept  hosts = :
#Deny Hosts without rDNS/only mark message,deny later via exim.filter-file!

warn message = Broken Reverse DNS -  no host name found for IP address $sender_host_address
     !verify = reverse_host_lookup
     condition =
     hosts = !+relay_from_hosts : !lsearch;/etc/exim/friends_with_broken_mx
#---------------------
accept  hosts         = +relay_from_hosts

accept  domains       = +local_domains
          endpass
          verify        = recipient
....
##########################################################

Is it correct or do you have any suggestions?

Another syntax question: what's the difference between
these 2 configs, are they identical???

1)
hostlist friends_with_broken_mx = /etc/exim/friends_with_broken_mx
#in ACL
hosts = !lsearch;/etc/exim/friends_with_broken_mx

2)
hostlist friends_with_broken_mx = lsearch;/etc/exim/friends_with_broken_mx
#in ACL
!hosts = /etc/exim/friends_with_broken_mx


thx for your help

-----------------------------------------------------------------------
On 15 Dec 2005, at 09:28, Êîâàëåíêî Èâàí wrote:

> Yeah, thats it.
>

I wouldn't say so:

> But for your goals it can be more suitable to use it in hostlist.
> ut> hello,
> ut> you mean this?!
>
>
> ut> ###############################
> ut> acl_check_rcpt
> ut> # Deny Hosts without reverse DNS
> ut> warn message = Broken Reverse DNS -  no host name
> ut> found for IP address $sender_host_address
> ut>      hosts = !+relay_from_hosts
> ut>      !verify = reverse_host_lookup


this does not do what it says, that is, it does not
deny.

> ut>      accept condition =
> ut> ${lookup{$sender_address}lsearch{/etc/exim/friends_with_broken_mx}{1}{}}
> ut> ################################
>

and if this one ends here, it might make your server a
partially open relay. Unless your
friends_with_broken_mx are also hosts you want to
relay from, it is missing two things:

domains = +local_domains
verify = recipient

but this is better accomplished by adding it as a
negative condition to the corresponding deny rule.
Leave the accept alone and instead have

deny    message = Broken Reverse DNS -  no host name
    condition =
        hosts = !lsearch;/etc/exim/friends_with_broken_mx
    [the broken rDNS check]

(not checked!)

Also, if a "friend" has got a badly configured mx, I
would want to check that it cannot also be a source
of virus, relay or not relay.

Oh, your MUA seems to be setting the wrong encoding
for your name, it is
?ISO-8859-1?B?yu7i4Ovl7eruIMji4O0=?=, but I presume it
should be ISO-8859-5.

Giuliano 
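
An added example, not taken from either message or from the Exim project: one way to write the rDNS check with the exception list as a negated hosts condition while keeping relay control in its own accept rules. The file path and list names are the ones used in the thread; the contents of the file (one IP address or CIDR block per line) and the final "relay not permitted" text are assumptions.

```exim
# MAIN section
hostlist relay_from_hosts = 127.0.0.1 : 192.168.4.0/24 : 192.168.10.0/24

# A plain absolute file name in a host list: every line of the file is
# read as one host list item. Assumed here: one IP address or CIDR block
# per line, so matching needs no DNS lookup.
# Written as "lsearch;/etc/exim/friends_with_broken_mx" the item would
# instead be a single-key lookup keyed by the sending host's NAME, which
# itself needs a working reverse lookup.
hostlist friends_with_broken_mx = /etc/exim/friends_with_broken_mx

# ACL section
acl_check_rcpt:
  # Locally submitted (non-SMTP) messages
  accept  hosts         = :

  # Reject hosts without working reverse DNS, except our own relay
  # clients and the listed friends. Every item in the hosts list is
  # negated, so the condition is true only for hosts in neither list.
  # With "warn" in place of "deny" the message is only marked and
  # processing continues with the rules below.
  deny    message       = Broken Reverse DNS - no host name found for IP address $sender_host_address
          hosts         = !+relay_from_hosts : !+friends_with_broken_mx
          !verify       = reverse_host_lookup

  # Relay control stays separate from the exception list: being a
  # "friend" only skips the rDNS check, it never grants relaying.
  accept  hosts         = +relay_from_hosts

  accept  domains       = +local_domains
          endpass
          verify        = recipient

  deny    message       = relay not permitted
```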


        
                