
Re: how to make sure that anti-relaying is in place



On Sat, Jul 06, 2002 at 03:38:54PM -0700, Cam Ellison wrote:
| Clearly, there is more to this than meets the eye.

| I'm beginning to think there is an interaction among 2 or more
| settings, such that if any system has them set in a certain
| combination, it doesn't pass the test.

Yes.  This is the problem with exim3 -- too many global variables that
can have not-so-obvious interactions with each other.  You also don't
have as much control, for example adding a warning for hosts in the
DUL, but only if they have not yet authenticated.  The redesign for
exim4 makes the config file incompatible, but greatly simplifies
things and also adds the flexibility for the above scenario to be
handled.

| For example, if I remove the percent_hack setting, but leave
| ..include_host_literals intact, it passes all the tests.

The include_host_literals doesn't really affect the issue, though
setting it to false will make that test pass.  A variation on the test
(which can't be automated like that) would still fail.

What the host literals means is whether or not exim will accept, as a
local domain, the IP address of its host given in brackets.

A less-known fact in SMTP routing is that, right now, the address
    dman@[65.107.69.216]
is equivalent to 
    dman@dman.ddts.net

The former avoids DNS altogether, whereas the latter (which is better
to use in almost all circumstances) uses DNS to determine which
machine (IP address) to hand off the message to.

It is not likely or often that an ipliteral address will be used,
though the RFCs require that it be accepted. 

My recommendation is:
    If you have a "real" site, allow ipliteral address.
    If you have a dial-up connection and only use exim for local
        delivery and relaying to a smarthost, you might as well turn
        that option off except while testing for relaying using a
        service like the one at relay-test.mail-abuse.org.

That option really has no effect as far as making your host an open
relay or not.


Do note that you can test your configuration using the '-bv' option to
exim.  When testing any of the ipliteral address, make sure you use an
ip address that, at the time of the test, belongs to your machine.
 
HTH,
-D

-- 
 
Whoever loves discipline loves knowledge,
but he who hates correction is stupid.
        Proverbs 12:1
 
http://dman.ddts.net/~dman/
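The message above describes the domain-side decision Exim makes for an IP address literal: `user@[65.107.69.216]` is treated as a local domain only when the bracketed IP is one of the host's own addresses, and otherwise it is just another remote domain subject to the usual relay policy. The following Python is an added example written here to illustrate that decision; it is not code from the post or from Exim. The function names, the constructed local domain and address sets, and the string classes it returns are all assumptions for the example (a real check reads the host's interface addresses and Exim's `local_domains` list).

```python
"""Classify the domain part of an SMTP recipient and decide whether an IP
address literal names this host (added example, not Exim's own logic).

Mirrors the host-literal behaviour described in the post: a literal such as
[65.107.69.216] is "local" only if that IP belongs to the machine doing the
check; a literal for any other IP is "remote", exactly like an unknown DNS
domain would be; with the option off, every literal is "remote".
"""
import ipaddress
import re
from typing import NamedTuple, Optional, Union

# RFC 5321 address literal: "[1.2.3.4]" or "[IPv6:...]".  Constructed for the example.
_LITERAL_RE = re.compile(r"^\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]$")

IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Constructed sample data standing in for Exim's local_domains and the host's
# interface addresses (the post's example host and the loopback address).
LOCAL_DOMAINS = {"dman.ddts.net", "localhost"}
LOCAL_IPS = {"65.107.69.216", "127.0.0.1"}


class Recipient(NamedTuple):
    local_part: str
    domain: str
    literal: Optional[IPAddr]   # parsed IP when the domain is an address literal


def parse_recipient(addr: str) -> Recipient:
    """Split an address at the last '@' and recognise an IP address literal."""
    local_part, sep, domain = addr.rpartition("@")
    if not sep or not local_part or not domain:
        raise ValueError(f"malformed address: {addr!r}")
    literal = None
    m = _LITERAL_RE.match(domain)
    if m:
        try:
            literal = ipaddress.ip_address(m.group(1))
        except ValueError as exc:
            raise ValueError(f"bad address literal in {addr!r}") from exc
    return Recipient(local_part, domain, literal)


def route_class(addr: str,
                local_domains=LOCAL_DOMAINS,
                local_ips=LOCAL_IPS,
                allow_host_literals: bool = True) -> str:
    """Return "local" or "remote" for the recipient's domain.

    local_ips may hold strings or ipaddress objects; they are normalised so
    that IPv6 spellings such as "::1" and "0::1" compare equal.
    """
    r = parse_recipient(addr)
    if r.literal is not None:
        if not allow_host_literals:
            return "remote"            # literals never accepted as local
        ours = {ipaddress.ip_address(ip) for ip in local_ips}
        return "local" if r.literal in ours else "remote"
    known = {d.lower() for d in local_domains}
    return "local" if r.domain.lower() in known else "remote"


if __name__ == "__main__":
    for a in ("dman@dman.ddts.net", "dman@[65.107.69.216]", "dman@[192.0.2.1]"):
        print(f"{a:28} -> {route_class(a)}")
```

The `route_class` result is the same information the post says you should get from the real thing: `exim -bv 'dman@[65.107.69.216]'` on the host that owns that IP. Note that a literal for an IP you do not own classifies as "remote", not as an error; whether such a recipient is then relayed is decided by the relay policy, which is why the post says the host-literal option does not by itself make a host an open relay.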
