On Tue, Sep 12, 2006 at 09:39:08AM +0200, Marc Haber wrote: > On Mon, Sep 11, 2006 at 11:15:19PM -0700, Ross Boylan wrote: > > The man page describing local_host_whitelist could be a little clearer. > > > > First, there is no subhead in the DESCRIPTION section for > > local_host_whitelist. > > > > Second, the fact that this file was only mentioned under > > local_host_blacklist, along with the text "For convenience, as an > > additional method to whitelist addresses from being blocked, an > > explicit whitelist is read in from > > /etc/exim4/local_host_whitelist. Entries in the whitelist override > > corresponding blacklist entries. " supported the 2nd of 2 > > interpretations: > > 1) if the sending host is on the whitelist, the message will be > > accepted. > > 2) if the sending host is on the blacklist and the whitelist, it will > > not be blocked because of the whitelist, but it might be blocked for > > other reasons. > > > > I think, after looking at the code, that 1) is what is happening. > > Right.
I don't seem to be getting the behavior of 1). /etc/exim4/local_host_whitelist 63.123.252.6 but I still get 2006-09-12 02:48:48 Direct remote connection from 63.123.252.6 claiming to be EXCHFR102.domain-01.com 2006-09-12 02:49:08 no IP address found for host EXCHFR102.domain-01.com (during SMTP connection from (EXCHFR102.domain-01.com) [63.123.252.6]) 2006-09-12 02:49:48 63.123.252.6 pretending to be EXCHFR102.domain-01.com 2006-09-12 02:50:09 H=(EXCHFR102.domain-01.com) [63.123.252.6] F=<[EMAIL PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: [edresses obscured]. I did an invoke-rc.d exim4 reload before this (though I don't think that should have been necessary). I've customized my rules significantly, not only enabling the check of reverse DNS but plugging in some of my own ACL's or fragments. I need to check exactly what's going on. > > > At the moment, it happens to be what I want (in particular, someone > > is sending me mail from a machine without proper DNS entries). > > > > So I think it would be good to give local_host_whitelist a separate > > entry, and to clarify if interpreation 1, 2, or something else is > > correct. > > I agree. Can you give a text proposal or a patch for the man page? > I can do that after I make sure I understand how it's working. As I said, I suspect it's just some local stuff that is breaking the expected behavior. Ross -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]