On Mon, 14 Aug 2006, Bob Johnson wrote:

> Assume host_lookup = * for all of these, and I'm using Exim 4.60.

All host_lookup = * does is to force a lookup of the host name from the IP address, regardless of whether or not the name is actually needed for any tests. Otherwise, the name is looked up only when it is needed. So the setting of host_lookup is not relevant to your questions below.

> First, the easy one:
>
>   accept hosts = +relay_from_hosts
>
> This, of course, works, but I'm not sure I understand what it is doing
> internally. Am I correct in believing the hosts condition is comparing the
> known IP number of the connected host to the IP numbers of the hosts listed
> in relay_from_hosts, doing DNS lookup to find the IP numbers if necessary?

Yes if you list host names in the list. No if you list wild cards such as *.domain.example. This is explained in

http://www.exim.org/exim-html-4.62/doc/html/spec_html/ch10.html#SECThostlist

> Now, if I do the following in an RCPT ACL:
>
>   accept hosts = lsearch;/exim/whitelisted-hosts
>
> what happens if whitelisted-hosts is a list of fully qualified DNS names?
> Does it look those names up in DNS and find their IP numbers to compare to
> the connected host's IP number (which is what the Exim 4 book seems to be
> telling me)?

No. It does that if you have

  accept hosts = /exim/white-listed-hosts

(see the subtle difference?). If you use lsearch (or any kind of lookup), it searches the file for the host name, which it must find by reverse DNS lookup.

http://www.exim.org/exim-html-4.62/doc/html/spec_html/ch10.html#SECThoslispatnamsk

> The next one (again in an RCPT ACL) is
>
>   accept hosts = iplsearch;/exim/whitelisted-IPs
>
> where whitelisted-IPs is a file containing a list of IP numbers.

This will not work, because it won't ever find the host name in a list of IP numbers.

> I expected this to compare the IP number of the connected host to the
> IP numbers in the file, in an intelligent way that understands
> netmasks, etc. Instead, I get a warning that I need to use
> net-iplsearch for this. Why must I use net-iplsearch instead of just
> iplsearch? net-iplsearch does what I want, but I don't understand why
> I need it.

Because the default for any lookup in a host list is to use the host name as the key. [With hindsight, it might have been better to choose the alternative, but it's too late now.] At the level where Exim is processing the list, it does not know that iplsearch is designed for IP addresses. It is "just another lookup" such as lsearch, dbm, cdb, or whatever. There's an internal interface between the main part of Exim and the lookups (so it's easy to plug in new ones) and for these kinds of lookup the interface is "pass over a key and a file name, get back a string or 'not found'". If you say

  hosts = lookup-type;/some/file

Exim passes over the host name as the key. If you say

  hosts = net-lookup-type;/some/file

Exim passes over the IP address as the key.

I fully accept that this is one of the rougher corners of Exim's design, and could have been thought out better. Part of the background is that this all "grew" as Exim developed. iplsearch is a relatively new lookup type.

> Finally, if I use one of the above in something like:
>
>   accept set acl_m0 = Message arriving from a trusted host.
>          hosts = lsearch;/exim/whitelisted-hosts
>
> Does acl_m0 always end up with the text message assigned to it, or does it
> only get the assignment if the hosts condition is true and results
> in "accepted"? What if I change the order of the "set" and "hosts" lines?

It always gets set. If you change the order, it only gets set if the condition is true. ACL conditions and modifiers are processed in order until the outcome is known. The outcome is known either when a condition is false, or the end of the list is reached (all conditions are true).

http://www.exim.org/exim-html-4.62/doc/html/spec_html/ch39.html#id2664470

--
Philip Hazel
University of Cambridge Computing Service
Get the Exim 4 book: http://www.uit.co.uk/exim-book

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
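The key-selection rule described in the reply above, as a small Python model (an added example, not Exim code and not part of the original message). The file contents, the addresses, the `reverse_dns` table and the function names are constructed for illustration, and treating a missing reverse-DNS name as "no match" is an assumption of this sketch.

```python
import ipaddress

# Constructed sample files (path -> contents); documentation addresses only.
FILES = {
    "/exim/whitelisted-hosts": "mail.example.org\nmx.example.net\n",
    "/exim/whitelisted-IPs": "192.0.2.0/24\n198.51.100.7\n",
}

def lsearch(path, key):
    """Exact, case-insensitive match of the key against each line's first field."""
    return any(line.split()[0].lower() == key.lower()
               for line in FILES[path].splitlines() if line.strip())

def iplsearch(path, key):
    """Match an IP address key against single addresses or CIDR networks."""
    try:
        addr = ipaddress.ip_address(key)
    except ValueError:
        return False  # the key is a host name, so no IP entry can match it
    return any(addr in ipaddress.ip_network(line.split()[0], strict=False)
               for line in FILES[path].splitlines() if line.strip())

# The list processor only sees "a lookup": key and file in, found or not found out.
LOOKUPS = {"lsearch": lsearch, "iplsearch": iplsearch}

def host_item_matches(item, client_ip, reverse_dns):
    """Evaluate one 'type;file' host-list item using the rule from the reply."""
    lookup_type, path = item.split(";", 1)
    if lookup_type.startswith("net-"):
        key = client_ip                    # net- prefix: the IP address is the key
        lookup_type = lookup_type[len("net-"):]
    else:
        key = reverse_dns.get(client_ip)   # default: the host name is the key
        if key is None:
            return False                   # assumption: no PTR name means no match
    return LOOKUPS[lookup_type](path, key)

if __name__ == "__main__":
    rdns = {"192.0.2.25": "mail.example.org"}  # constructed PTR data
    for item in ("lsearch;/exim/whitelisted-hosts",
                 "iplsearch;/exim/whitelisted-IPs",
                 "net-iplsearch;/exim/whitelisted-IPs"):
        print(item, "->", host_item_matches(item, "192.0.2.25", rdns))
```

The name-keyed forms depend on the client's reverse DNS, while the `net-` form depends only on the connecting IP address.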
