On Thu, 27 Nov 2008, CLEMENT Francis wrote: > >-----Message d'origine----- > >De : [EMAIL PROTECTED] > >[mailto:[EMAIL PROTECTED] la part de CLEMENT Francis > >Envoyé : jeudi 27 novembre 2008 09:58 > >À : '[email protected]' > >Objet : [xmail] glst 0.27 xnet bug ? > > > > > >Hello Davide > > > >I upgraded recently to glst 0.27 due to mnet problem (recent > >discussion on > >this list) > > > >Now, trying to send a mail from the server itself I got a > >rejection 'try > >later' from glst even if the 'sender ip' is excluded with an > >xnet setting : > > > >Actual glst.conf xnet and mnet : > >mnet=0.0.0.0,0.0.0.0,255.255.255.0 > > > >xnet=172.16.254.0,255.255.255.255 > > > >For a mail send from server itself from "[EMAIL PROTECTED]" to > >"[EMAIL PROTECTED]" I get > >: > > > >Smtp log : > >"myhost" "myhost" "172.16.254.0" "2008-11-27 09:10:10" > >"myhost" "to.com" "[EMAIL PROTECTED]" "[EMAIL PROTECTED]" > >"S4DB2A9" > >"RCPT=OK" "" "0" "" > >"myhost" "myhost" "172.16.254.0" "2008-11-27 09:10:10" > >"myhost" "to.com" "[EMAIL PROTECTED]" "[EMAIL PROTECTED]" > >"S4DB2A9" > >"DATA=EFILTER" "" "0" "" > > > >Sender IP confirmed = 172.16.254.0 > > > >Filters log : > >"[EMAIL PROTECTED]" "[EMAIL PROTECTED]" "172.16.254.0" > >"172.16.254.0" "2008-11-27 > >09:10:10" "pre-data" "" "0" "3" > >"\glst\glst;--mfile;C:\DOCUME~1\_XMAIL~1\LOCALS~1\Temp\msrv6980 > >000045e.tmp;" > > > >In fact Glst returneds 'retry later' !!!! > > > >I did not have this problem with glst 0.25 (never seens 0.26) with > >mnet=0.0.0.0,0.0.0.0,255.255.255.255 (due to mnet problem) and > >same xnet > >settings when sending from same ip 172.16.254.0 > >(I can't try now to return to these old setting to see if 'ok' on 0.27) > > > >Any idea ? > > > >Francis > > > > > > After some inspection in the glst base, I found numerous 'masked' entries > corresponding to all my 'xnet' > So seems xnet settings are not taken into account BEFORE any database access > or mnet 'rule' !?!? > (I cleared the glst database when changed from glst 0.25 to 0.27 and mnet > changes, so it not 'old' entries. Even if old, they should not be read > before all xnet entries applied, no ?)
"mnet" masking is applied *before* "xnet" whitelisting. It makes even sense. If for you a given address set is "the same" (this is what mnet" does), it makes no sense having different policies inside that set. - Davide
_______________________________________________ xmail mailing list [email protected] http://xmailserver.org/mailman/listinfo/xmail
