Re: [Exim] exim 4 subject line blocking

Author: cami
Date:  
To: exim-users
Subject: Re: [Exim] exim 4 subject line blocking
| lsearch (like all lookups) is a key-value thing. It isn't a pattern
| match like fgrep would be. That _does_ work, if the exact subject
| string is a key in the lsearch file, and if the lsearch file is a
| valid lsearch file.


Well, this is what the files look like; perhaps someone could tell me what I'm doing wrong,
because I can't figure it out and all tests I send fail.

[cipher][/usr/local/exim]# cat configure
######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################
#
# Specify your host's canonical name here. This should normally be the
# fully qualified "official" name  of your host. If this option is not
# set, the uname() function is called to obtain the name.In many cases
# this does the right  thing and you need not set anything explicitly.
#
######################################################################
primary_hostname = net-152-28.mweb.co.za


######################################################################
#
#   domainlist local_domains = my.first.domain : my.second.domain
#
# You can use "@" to mean "the name  of the local host",  as in  the
# default  setting  above.  This is the  name  that  is specified by
# primary_hostname, as specified above (or defaulted). If you do not
# want to do any local deliveries,  remove the  "@" from the setting
# above. If you want to accept mail addressed to your host's literal
# IP address, for example, mail addressed to "user@???",
# you can add "@[]" as an item in the  local domains list.  You also
# need  to  uncomment  "allow_domain_literals"  below.  This  is not
# recommended for today's Internet.
#
######################################################################
domainlist local_domains    = @ : hack.co.za


######################################################################
#
# The second setting specifies domains for which your host is an
# incoming relay. If you are not doing any relaying, you should leave
# the list empty. However, if your host is an MX backup or gateway of
# some kind for some domains, you must set relay_to_domains to match
# those domains. For example:
#
# domainlist relay_to_domains = *.myco.com : my.friend.org
#
# This will allow any host to relay through your host to those domains.
# See the section of the manual entitled "Control of relaying" for more
# information
#
#####################################################################
domainlist relay_to_domains = @mx_any

######################################################################
#
# The third setting specifies hosts that can use your host as an
# outgoing relay to any other host on the Internet. Such a setting
# commonly refers to a complete local network as well as the localhost.
#
# For example:
#
# hostlist relay_from_hosts = 127.0.0.1 : 192.168.0.0/16
#
# The "/16" is a bit mask (CIDR notation), not a number of hosts. Note
# that you have to include 127.0.0.1 if you want to allow processes on
# your host to send SMTP mail by using the loopback address. A number
# of MUAs use this method of sending mail
#
#####################################################################
hostlist relay_from_hosts = "lsearch:/usr/local/exim/relay_hosts.txt"

#####################################################################
#
# smtp banner
#
# smtp_banner = " " -> will remove the banner..
# smtp_banner = ESMTP -> rfc compliant..
#
#####################################################################
smtp_banner = " "

#####################################################################
#
# If this option is set, incoming SMTP calls from the hosts listed
# are rejected as soon as the connection is made. This option is
# provided for use in unusual cases. Many host will just try again.
# Normally, it is better to use an ACL to reject incoming messages at
# a later stage, such as after RCPT commands. See chapter 37.
#
#####################################################################
host_reject_connection      = lsearch;/usr/local/exim/reject_host.txt


##############################################################
#
# helo_accept_junk_hosts
# Type: host list, expanded
# Default: unset
#
# Exim checks the syntax of HELO and EHLO commands for
# incoming SMTP mail, and gives an error response for
# invalid data. Unfortunately, there are some SMTP clients
# that send syntactic junk. They can be accommodated by
# setting this option. Note that this is a syntax check
# only. See helo_verify_hosts if you want to do semantic
# checking.
#
##############################################################
helo_accept_junk_hosts = *

#####################################################################
#
# By setting the log_selector global option, you can disable some of
# Exim's default logging, or you can request additional logging. The
# value of log_selector is made up of names preceded by plus or minus
# characters.
#
# For example:
#
#   log_selector = +arguments -retry_defer
#
# The list of optional log items is in the following table, with the
# default selection marked by asterisks:
#
#   address_rewrite    ->  address rewriting
#   all_parentsi       ->  all parents in => lines
#   arguments          ->  command line arguments
#  *connection_reject  ->  connection rejections
#  *delay_delivery     ->  immediate delivery delayed (message queued)
#   delivery_size      ->  add S=nnn to => lines
#  *dnslist_defer      ->  defers of DNS list (aka RBL) lookups
#  *etrn               ->  ETRN commands
#   incoming_interface ->  incoming interface on <= lines
#   incoming_port      ->  incoming port on <= lines
#  *lost_incoming_connection ->  as it says (includes timeouts)
#  *queue_run           ->  start and end queue runs
#   received_recipients ->  recipients on <= lines
#   received_sender     ->  sender on <= lines
#  *retry_defer         ->  ``retry time not reached''
#   sender_on_delivery  ->  add sender to => lines
#  *size_reject         ->  rejection because too big
#  *skip_delivery       ->  ``message is frozen'', ``spool file is locked''
#   smtp_confirmation   ->  SMTP confirmation on <= lines
#   smtp_connection     ->  SMTP connections
#   smtp_protocol_error ->  SMTP protocol errors
#   smtp_syntax_error   ->  SMTP syntax errors
#   subject             ->  contents of Subject: on <= lines
#  *tls_cipher          ->  TLS cipher on <= lines
#   tls_peerdn          ->  TLS peer DN on <= lines
#
#   all   all of the above
#
#####################################################################
log_selector = +all -arguments -queue_run -smtp_confirmation


#####################################################################
#
# acl_smtp_data:
#
# we use it to do subject header checking
#
#####################################################################
acl_smtp_data = check_subject

#####################################################################
#
# All three of these lists may contain many different kinds of item,
# including wildcarded names, regular expressions, and file lookups.
# See the reference manual for details. The lists above are used in
# the access control list for incoming messages.The name of this ACL
# is defined here:
#
#####################################################################
acl_smtp_rcpt = acl_check_rcpt

#####################################################################
#
# The following line must be uncommented if you want Exim to recognize
# addresses of the form "user@???" that is, with a "domain
# literal" (an IP address) instead of a named domain. The RFCs still
# require this form, but it makes little sense to permit mail to be
# sent to specific hosts by their IP address in the modern Internet.
# This ancient format has been used by those seeking to abuse hosts
# by using them for unwanted relaying. If you really do want to
# support domain literals, uncomment the following line, and see also
# the "domain_literal" router below.
#
#####################################################################
# allow_domain_literals

#####################################################################
#
# No deliveries will ever be run under the uids of these users
# (a colon-separated list). An attempt to do so causes a panic error
# to be logged, and the delivery to be deferred. This is a paranoic
# safety catch. Note that the default setting means you cannot deliver
# mail addressed to root as if it were a normal user. This isn't
# usually a problem, as most sites have an alias for root that
# redirects such mail to a human administrator.
#
#####################################################################
never_users = root

#####################################################################
#
# The setting below causes Exim to do a reverse DNS lookup on all
# incoming IP calls, in order to get the true host name. If you feel
# this is too expensive, you can specify the networks for which a
# lookup is done, or remove the setting entirely.
#
#####################################################################
host_lookup = *

#####################################################################
#
# The settings below, which are actually the same as the defaults in
# the code, cause Exim to make RFC 1413 (ident) callbacks for all
# incoming SMTP calls. You can limit the hosts to which these calls
# are made, and/or change the timeout that is used. If you set the
# timeout to zero, all RFC 1413 calls are disabled. RFC 1413 calls
# are cheap and can provide useful information for tracing problem
# messages, but some hosts and firewalls have problems with them.
# This can result in a timeout instead of an immediate refused
# connection, leading to delays on starting up an SMTP session.
#
#####################################################################
rfc1413_hosts = *
rfc1413_query_timeout = 0s

#####################################################################
#
# When Exim can neither deliver a message nor return it to sender, it
# "freezes" the delivery error message (aka "bounce message"). There
# are also other circumstances in which messages get frozen. They
# will stay on the queue for ever unless one of the following options
# is set.
#
# ignore_bounce_errors_after:
#
# This option unfreezes frozen bounce messages after two days,
# tries once more to deliver them, and ignores any delivery failures.
#
# timeout_frozen_after:
#
# This option cancels (removes) frozen messages that are older than
# X amount of days..
#
#####################################################################
ignore_bounce_errors_after = 2d
timeout_frozen_after = 1d

######################################################################
#                       ACL CONFIGURATION                            #
#         Specifies access control lists for incoming SMTP mail      #
######################################################################
begin acl


######################################################################
#
# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.
#
######################################################################
acl_check_rcpt:

####################################################################
#
# Accept if the source is local SMTP (i.e. not over TCP/IP). We do
# this by testing for an empty sending host field.
#
####################################################################
accept hosts = :

  ####################################################################
  #
  # Deny if the local part contains @ or % or / or | or !. These are
  # rarely found in genuine local parts, but are often tried by people
  # looking to circumvent relaying restrictions.
  #
  ####################################################################
  deny    local_parts   = ^.*[@%!/|]


  ####################################################################
  #
  # Accept mail to postmaster in any local domain, regardless of the
  # source, and without verifying the sender.
  #
  ####################################################################
  accept  local_parts   = postmaster
          domains       = +local_domains


####################################################################
#
# Deny sender/spam domain(s)
#
####################################################################
deny sender_domains = lsearch;/usr/local/exim/reject_domain.txt

  ####################################################################
  #
  # Deny sender/spam email addresse(s)
  #
  ####################################################################
  deny    senders       = lsearch;/usr/local/exim/reject_email-from.txt


  ####################################################################
  #
  # Deny unless the sender address can be verified.
  #
  ####################################################################
  require verify        = sender


  ####################################################################
  #
  # Accept if the address is in a local domain, but only if the
  # recipient can be verified. Otherwise deny. The "endpass" line is
  # the border between passing on to the next ACL statement (if tests
  # above it fail) or denying access (if tests below it fail).
  #
  ####################################################################
  accept  domains       = +local_domains
          endpass
          message       = unknown user
          verify        = recipient


  ####################################################################
  #
  # Accept if the address is in a domain for which we are relaying,
  # but again,
  # only if the recipient can be verified.
  #
  ####################################################################
  accept  domains       = +relay_to_domains
          endpass
          message       = unrouteable address
          verify        = recipient


  ####################################################################
  #
  # If control reaches this point, the domain is neither in
  # +local_domains nor in +relay_to_domains.
  #
  # Accept if the message comes from one of the hosts for which we are
  # an outgoing relay. Recipient verification is omitted here, because
  # in many cases the clients are dumb MUAs that don't cope well with
  # SMTP error responses. If you are actually relaying out from MTAs,
  # you should probably add recipient verification here.
  #
  ####################################################################
  accept  hosts         = +relay_from_hosts


####################################################################
#
# Accept if the message arrived over an authenticated connection,
# from any host. Again, these messages are usually from MUAs, so
# recipient verification is omitted.
#
####################################################################
accept authenticated = *

  ####################################################################
  #
  # Reaching the end of the ACL causes a "deny", but we might as well
  # give an explicit message.
  ####################################################################
  deny    message       = relay not permitted


check_subject:
  deny condition = ${lookup {$h_Subject:} lsearch \
    {/usr/local/exim/reject_subject.txt}}
  message = "well, you asked!"
  accept


######################################################################
#                      ROUTERS CONFIGURATION                         #
#               Specifies how addresses are handled                  #
######################################################################
#     THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT!       #
# An address is passed to each router in turn until it is accepted.  #
######################################################################
begin routers


######################################################################
#
# This router routes addresses that are not in local domains by doing a DNS
# lookup on the domain name. Any domain that resolves to 0.0.0.0 or to a
# loopback interface address (127.0.0.0/8) is treated as if it had no DNS
# entry. Note that 0.0.0.0 is the same as 0.0.0.0/32, which is commonly treated
# as the local host inside the network stack. It is not 0.0.0.0/0, the default
# route. If the DNS lookup fails, no further routers are tried because of
# the no_more setting, and consequently the address is unrouteable.
#
######################################################################
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more

######################################################################
#
# This router handles aliasing using a traditional /etc/aliases file.
#
##### NB You must ensure that /etc/aliases exists. It used to be the case
##### NB that every Unix had that file, because it was the Sendmail default.
##### NB These days, there are systems that don't have it. Your aliases
##### NB file should at least contain an alias for "postmaster".
#
# If any of your aliases expand to pipes or files, you will need to
# set up a user and a group for these deliveries to run under. You
# can do this by uncommenting the "user" option below (changing the
# user name as appropriate) and adding a "group" option if necessary.
# Alternatively, you can specify "user" on the transports that are
# used. Note that the transports listed below are the same as are
# used for .forward files; you might want to set up different ones
# for pipe and file deliveries from aliases.
#
######################################################################
system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe

######################################################################
#
# This router matches local user mailboxes.
#
######################################################################
localuser:
driver = accept
check_local_user
transport = local_delivery

######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################
#
# A transport is used only when referenced from a router that
# successfully handles an address.
#
######################################################################
begin transports


######################################################################
#
# This transport is used for delivering messages over SMTP connections.
#
######################################################################
remote_smtp:
driver = smtp

######################################################################
#
# This transport is used for local delivery to user mailboxes in
# traditional BSD mailbox format. By default it will be run under the
# uid and gid of the local user, and requires the sticky bit to be set
# on the /var/mail directory. Some systems use the alternative approach
# of running mail deliveries under a particular group instead of using
# the sticky bit. The commented options below show how this can be done.
#
######################################################################
local_delivery:
driver = appendfile
file = /var/mail/$local_part
delivery_date_add
envelope_to_add

######################################################################
#
# This transport is used for handling pipe deliveries generated by
# alias or .forward files. If the pipe generates any standard output,
# it is returned to the sender of the message as a delivery error. Set
# return_fail_output instead of return_output if you want this to
# happen only when the pipe fails to complete normally. You can set
# different transports for aliases and forwards if you want to - see
# the references to address_pipe in the routers section above.
#
######################################################################
address_pipe:
driver = pipe
return_output

######################################################################
#
# This transport is used for handling deliveries directly to files
# that are generated by aliasing or forwarding.
#
######################################################################
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add

######################################################################
#
# This transport is used for handling autoreplies generated by the
# filtering option of the userforward router.
#
######################################################################
address_reply:
driver = autoreply

######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################
begin retry


######################################################################
#
# This single retry rule applies to all domains and all errors. It
# specifies retries every 15 minutes for 2 hours, then increasing
# retry intervals, starting at 1 hour and increasing each time by a
# factor of 1.5, up to 16 hours, then retries every 6 hours until 4
# days have passed since the first failed delivery.
#
# Domain               Error       Retries
# ------               -----       -------
######################################################################
*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h


######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################
#
# There are no rewriting specifications in this default configuration
# file.
#
######################################################################
begin rewrite


######################################################################
#                   AUTHENTICATION CONFIGURATION                     #
######################################################################
#
# There are no authenticator specifications in this default
# configuration file.
#
######################################################################
begin authenticators


# End of Exim configuration file

[cipher][/usr/local/exim]# cat reject_subject.txt
this is spam
well, i do like you
no more spam!
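
Added example (not part of the original message, and not Exim's own code): a simplified Python model of how lsearch splits each line into key and data, run over a constructed copy of the reject_subject.txt above. It illustrates the point in the quoted reply that lsearch matches whole keys rather than patterns. The quoted-key file and its `yes` data values are assumptions based on the lsearch rules in the Exim specification (unquoted keys end at white space or a colon, keys may be double-quoted, matching is case-insensitive).

```python
# Simplified model of Exim lsearch key parsing (added example, not Exim's code).
# Not modelled: continuation lines and backslash escapes inside quoted keys.

# Constructed copy of the reject_subject.txt shown in the post.
AS_POSTED = """\
this is spam
well, i do like you
no more spam!
"""

# Assumed alternative: each whole subject quoted so it is a single key.
# The data "yes" is what a bare ${lookup ...} would expand to on a match.
QUOTED = """\
"this is spam": yes
"well, i do like you": yes
"no more spam!": yes
"""


def parse_line(line):
    """Return (key, data) for one line, or None for lines the model skips."""
    if not line.strip() or line.startswith("#"):
        return None                      # blank line or comment
    if line[0].isspace():
        return None                      # continuation line, not modelled
    if line.startswith('"'):
        end = line.find('"', 1)          # quoted key ends at the matching quote
        if end == -1:
            end = len(line)              # ...or at end of line
        key, rest = line[1:end], line[end + 1:]
    else:
        i = 0                            # unquoted key ends at space or colon
        while i < len(line) and not line[i].isspace() and line[i] != ":":
            i += 1
        key, rest = line[:i], line[i:]
    rest = rest.lstrip()
    if rest.startswith(":"):             # optional colon after the key
        rest = rest[1:]
    return key, rest.strip()


def parsed_keys(text):
    """List the keys lsearch would see in the file, in order."""
    return [p[0] for p in map(parse_line, text.splitlines()) if p]


def lsearch(text, wanted):
    """Return the data of the first key equal to `wanted`, ignoring case."""
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[0].lower() == wanted.lower():
            return parsed[1]
    return None


if __name__ == "__main__":
    print("keys as posted:", parsed_keys(AS_POSTED))
    print("as posted     :", lsearch(AS_POSTED, "this is spam"))
    print("quoted keys   :", lsearch(QUOTED, "this is spam"))
    print("substring only:", lsearch(QUOTED, "buy now, this is spam"))
```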