Bug#394942: exim4-config: RCPT ACL prevents some legitimate relaying

Marc Haber mh+debian-packages at zugschlus.de
Tue Oct 24 07:36:59 UTC 2006 

tags #394942 wontfix
thanks

On Tue, Oct 24, 2006 at 02:19:53AM +0200, William Steve Applegate wrote:
> After upgrading my backup MX server, running Exim, mail stopped flowing
> to the primary MX. The log file showed every mail being rejected with
> `550 relay not permitted'. I traced this to the following directive in
> /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt:
> 
>   require
>     message = relay not permitted
>     domains = +local_domains : +relay_to_domains
> 
> The problem is, this line is placed _above_ the call to
> CHECK_RCPT_LOCAL_ACL_FILE. In my setup, the file pointed by this option
> contains the following configuration:
> 
>   accept
>     condition = ${if match{${lookup dnsdb{mx=$domain}}}{ my.primary.mx.host(\\n|\$)}{yes}{no}}
>     log_message = Permitted backup MX for $domain.
> 
> Which allows relaying to my domains without them being entered by hand
> in the relay_to_domains option. Trouble is, due to the aforementioned
> directive, this one is never evaluated. Could you please move the
> no-relay directive below the call to CHECK_RCPT_LOCAL_ACL_FILE?

I'm sorry, but that would mean deviating too far from upstream's
configuration. The check for local domains and relay_to_domains is
done early on purpose since that check is relatively cheap.

The following methods can be used to work around this:

- edit the ACL file (it's a dpkg-conffile and meant to be edited)
- point the ACL processor to a different, local ACL by means of the
  MAIN_ACL_CHECK_RCPT macro. This different ACL might call
  acl_check_rcpt as a sub-acl.

I am tagging this bug wontfix. If you find the suggested workaround
unacceptable, please say so.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

More information about the Pkg-exim4-maintainers mailing list