The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Exim RBL check / lsearch oddity

Discussion in 'General Discussion' started by nxds, May 31, 2006.

  1. nxds

    nxds Well-Known Member

    Joined:
    Jan 6, 2006
    Messages:
    53
    Likes Received:
    0
    Trophy Points:
    6
    I have been using this stanza in exim.conf for checking against RBLs but to exclude authenticated users:

    Code:
      deny   message = rejected because $sender_host_address is in a blacklist at $dnslist_domain see $dnslist_text
             !hosts = +relay_hosts
             !authenticated = *
             dnslists = bl.spamcop.net : sbl-xbl.spamhaus.org : relays.ordb.org : list.dsbl.org
    I discovered today that IP addresses appearing in /etc/relayhosts were still being checked in the dnslists even though the line !hosts = +relay_hosts suggests they shouldn't. (relay_hosts is defined as: hostlist relay_hosts = lsearch:/etc/relayhosts : localhost)

    On investigation with exim -bh <blacklisted.IP.in.relayhosts>, I found that a hostname check, not an IP check was being done against /etc/relayhosts. After a bit of trial and error, I discovered that the lsearch was causing this to happen because using:
    Code:
    hostlist rbl_whitelist = /etc/relayhosts : localhost
    would work as expected.

    Any comments as to why lsearch would cause such dramatically different behaviour?

    Here are some snippets from exim -bh showing the debug output. 1st using lsearch:
    Code:
    >>> processing "deny"
    >>> check !hosts = +relay_hosts
    >>> sender host name required, to match against lsearch;/etc/relayhosts
    >>> looking up host name for 212.60.x.x
    >>> IP address lookup using gethostbyaddr()
    >>> IP address lookup failed: h_errno=1
    LOG: no host name found for IP address 212.60.x.x
    >>> host in "lsearch;/etc/relayhosts : localhost"? no (failed to find host name for 212.60.65.174)
    >>> host in "+relay_hosts"? no (end of list)
    >>> check !authenticated = *
    >>> check dnslists = bl.spamcop.net : sbl-xbl.spamhaus.org : relays.ordb.org : list.dsbl.org
    
    Now without lsearch:
    Code:
    >>> processing "deny"
    >>> check !hosts = +rbl_whitelist
    >>> gethostbyname looked up these IP addresses:
    >>>   name=localhost address=127.0.0.1
    >>> host in "/etc/relayhosts : localhost"? yes (matched "212.60.x.x")
    >>> host in "+rbl_whitelist"? yes (matched "+rbl_whitelist")
    >>> deny: condition test failed
    
     
    #1 nxds, May 31, 2006
    Last edited: May 31, 2006
Loading...

Share This Page