Folks, I have had a longterm problem checking for relay_domains using LDAP. I gave up a while back, and put my relay_domains in a file. However, I have recently upgraded exim, and wish to flag that there is still a problem here.

I have cut down on unnecessary stuff, and only (I hope) present the important info. The -bh log contains everything. If further information is needed, or other suggested tests, I am happy to try them.

Cheers, Andy!

################################
My exim :-

$ exim -bV
Exim version 4.52 #1 built 18-Aug-2005 16:50:39
Copyright (c) University of Cambridge 2005
Berkeley DB: Sleepycat Software: Berkeley DB 4.2.52: (February 22, 2005)
Support for: iconv() PAM
Lookups: lsearch wildlsearch nwildlsearch iplsearch dbm dbmnz dsearch ldap ldapdn ldapm mysql
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir autoreply pipe smtp
Fixed never_users: 0
Configuration file is /etc/exim.conf

My config :-

################################
# macros :-

domainlist relay_domains = ldapm;ldap::///dc=wizzy,dc=org,dc=za?associatedDomain?one? : \
    ldapm;ldap::///dc=wcape,dc=school,dc=za?associatedDomain?one? : \
    ldapm;ldap::///dc=kzn,dc=school,dc=za?associatedDomain?one?

################################
#!!# ACL that is used after the RCPT command
check_recipient:

  # deny non-local domains
  deny    !domains = +local_domains : +relay_domains
          message = We do not relay

################################
# Example LDAP entry :-

# nansindlela.wizzy.org.za
dn: dc=nansindlela,dc=wizzy,dc=org,dc=za
objectClass: uucpHostClass
objectClass: domainRelatedObject
objectClass: dNSDomain
objectClass: simpleSecurityObject
mXRecord: 20 tsf.wizzy.org.za
mXRecord: 30 smtp.wizzy.org.za
schoolDistrict: KZN
description: Pentium server
dc: nansindlela
uuHost: nansindlela
uuRoute: nansindlela
associatedDomain: nansindlela.wizzy.org.za
userPassword:: bm9temFtbw==

################################
My test (I need hardly say that neither aol.com nor ez.no are anything to do with me)

[EMAIL PROTECTED] exim]# exim -bh 1.2.3.4

**** SMTP testing session as if from host 1.2.3.4
**** but without any ident (RFC 1413) callback.
**** This is not for real!

>>> host in hosts_connection_nolog? no (option unset)
>>> host in host_lookup? yes (matched "0.0.0.0/0")
>>> looking up host name for 1.2.3.4
>>> IP address lookup using gethostbyaddr()
>>> IP address lookup failed: h_errno=1
LOG: no host name found for IP address 1.2.3.4
>>> host in host_reject_connection? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
>>> host in recipient_unqualified_hosts? no (option unset)
>>> host in helo_verify_hosts? no (option unset)
>>> host in helo_try_verify_hosts? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)
220 barn.wizzy.org.za ESMTP Exim 4.52 Sun, 21 Aug 2005 17:15:45 +0200
EHLO wiz.com
>>> wiz.com in helo_lookup_domains? no (end of list)
>>> host in pipelining_advertise_hosts? yes (matched "*")
>>> host in auth_advertise_hosts? yes (matched "*")
250-barn.wizzy.org.za Hello wiz.com [1.2.3.4]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP
MAIL FROM: <[EMAIL PROTECTED]>
250 OK
RCPT TO: <[EMAIL PROTECTED]>
>>> using ACL "check_recipient"
>>> processing "deny"
>>> check local_parts = [EMAIL PROTECTED]/|] : ^\\.
>>> andyr in "[EMAIL PROTECTED]/|] : ^\."? no (end of list)
>>> deny: condition test failed
>>> processing "accept"
>>> check hosts = :
>>> host in ":"? no (end of list)
>>> accept: condition test failed
>>> processing "accept"
>>> check authenticated = *
>>> accept: condition test failed
>>> processing "deny"
>>> check !domains = +local_domains : +relay_domains
>>> ez.no in "wizzy.org.za : barn.wizzy.org.za"? no (end of list)
>>> ez.no in "ldapm;ldap::///dc=wizzy,dc=org,dc=za?associatedDomain?one? :
>>> ldapm;ldap::///dc=wcape,dc=school,dc=za?associatedDomain?one? :
>>> ldapm;ldap::///dc=kzn,dc=school,dc=za?associatedDomain?one?"? yes ( matched
>>> "ldapm;ldap:///dc=wizzy,dc=org,dc=za?associatedDomain?one?")
>>> ez.no in "+local_domains : +relay_domains"? yes (matched "+relay_domains")
>>> deny: condition test failed
>>> processing "accept"
>>> check senders = : postmaster
>>> aol.com in ""? no (end of list)
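
Added example (not part of the original post, and not Exim's code): a simplified Python model of how Exim treats a query-style item in a domain list. Exim only asks whether the query returned data, so a query that never references $domain matches every recipient domain, which is what the -bh trace shows for ez.no. The directory contents, the second entry, the helper names and the simplified quote_ldap are assumptions made for illustration.

```python
import re

BASE = "dc=wizzy,dc=org,dc=za"
# Constructed stand-in for the directory: children one level below BASE.
DIRECTORY = {
    "dc=nansindlela," + BASE: {"associatedDomain": ["nansindlela.wizzy.org.za"]},
    "dc=school2," + BASE: {"associatedDomain": ["school2.wizzy.org.za"]},  # constructed entry
}

# List items as they look after Exim has split the list (single colon in the URL).
UNFILTERED = "ldapm;ldap:///" + BASE + "?associatedDomain?one?"
FILTERED = UNFILTERED + "(associatedDomain=${quote_ldap:$domain})"

def quote_ldap(value):
    """Simplified stand-in for ${quote_ldap:...}: hex-escape LDAP filter metacharacters."""
    return re.sub(r"[*()\\\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def ldap_search(base, attr, flt):
    """One-level search; flt is None or a single (name=value) equality filter."""
    values = []
    for dn, attrs in DIRECTORY.items():
        if dn.partition(",")[2] != base:
            continue
        if flt:
            name, wanted = flt[1:-1].split("=", 1)
            if wanted.lower() not in [v.lower() for v in attrs.get(name, [])]:
                continue
        values.extend(attrs.get(attr, []))
    return values

def domain_list_item_matches(item, domain):
    """Expand the query, run it, and report a match if any data came back."""
    _lookup_type, query = item.split(";", 1)
    query = query.replace("${quote_ldap:$domain}", quote_ldap(domain))
    base, attr, _scope, flt = re.fullmatch(
        r"ldap:///([^?]*)\?([^?]*)\?([^?]*)\?(.*)", query).groups()
    return bool(ldap_search(base, attr, flt or None))

if __name__ == "__main__":
    for item in (UNFILTERED, FILTERED):
        for domain in ("ez.no", "nansindlela.wizzy.org.za"):
            print(domain, "->", domain_list_item_matches(item, domain))
```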