On Sat, Jul 06, 2002 at 03:38:54PM -0700, Cam Ellison wrote: | Clearly, there is more to this than meets the eye. | I'm beginning to think there is an interaction among 2 or more | settings, such that if any system has them set in a certain | combination, it doesn't pass the test. Yes. This is the problem with exim3 -- too many global variables that can have not-so-obvious interactions with each other. You also don't have as much control, for example adding a warning for hosts in the DUL, but only if they have not yet authenticated. The redesign for exim4 makes the config file incompatible, but greatly simplifies things and also adds the flexibility for the above scenario to be handled. | For example, if I remove the percent_hack setting, but leave | ..include_host_literals intact, it passes all the tests. The include_host_literals doesn't really affect the issue, though setting it to false will make that test pass. A variation on the test (which can't be automated like that) would still fail. What the host literals means is whether or not exim will accept, as a local domain, the IP address of its host given in brackets. A less-known fact in SMTP routing is that, right now, the address dman@[65.107.69.216] is equivalent to dman@dman.ddts.net The former avoids DNS altogether, whereas the latter (which is better to use in almost all circumstances) uses DNS to determine which machine (IP address) to hand off the message to. It is not likely or often that an ipliteral address will be used, though the RFCs require that it be accepted. My recommendation is : If you have a "real" site, allow ipliteral address. If you have a dial-up connection and only use exim for local delivery and relaying to a smarthost, you might as well turn that option off except while testing for relaying using a service like the one at relay-test.mail-abuse.org. That option really has no effect as far as making your host an open relay or not. Do note that you can test your configuration using the '-bv' option to exim. When testing any of the ipliteral address, make sure you use an ip address that, at the time of the test, belongs to your machine. HTH, -D -- Whoever loves discipline loves knowledge, but he who hates correction is stupid. Proverbs 12:1 http://dman.ddts.net/~dman/
Attachment:
pgpTx1Uz81qxC.pgp
Description: PGP signature