[Exim] How to exclude some hosts from dnslist access lists?

Pàgina inicial
Aquest missatge és part del següent fil:
Ml'arbre de fils complet ordenat per data
M 
M\Nico Erfurth en ->
Delete this message
Reply to this message
Autor: Marc Haber
Data:  
A: exim-users
Assumpte: [Exim] How to exclude some hosts from dnslist access lists?
Hi,

I would like to have some kind of local whitelist to exempt some hosts
or networks from a dnslist access list. I didn't find an option to do
so. One possible way would be the condition "condition", but I don't
see any example. What would the following acl entry do? 

deny message = rejected
     condition = ${host not in whitelist}
     dnslists = black.list.example


Would the dnslists condition be evaluated if the host is inside the
whitelist? Would it be if it where not? Or is it only planned to have
a single condition per access list entry?

Or should one use the acl condition as some kind of a subroutine?

It would probably be a good idea to have some kind of "go to"
statement to jump down in the acl chain. That would allow something
like

|acl_check_rcpt:
| accept hosts = :
|
| deny local_parts = ^.*[@%!/|] : ^\\.
|
|  warn message = X-HELO-Failed: no IP address found for HELO host $sender_helo_name
|       log_message = helo failed
|       !verify = helo
|
| require verify = sender
|
|  warn message = X-Broken-Reverse-DNS: no host name found for IP address $sender_host_address
|       !verify = reverse_host_lookup
|
|  goto target = end_local_blacklists
|       hosts = ${if exists{/etc/exim4/local_host_whitelist}\
|                             {/etc/exim4/local_host_whitelist}\
|                             {}}
|
|  deny message = Locally blacklisted, you're out of luck
|       hosts = ${if exists{/etc/exim4/local_host_blacklist}\
|                             {/etc/exim4/local_host_blacklist}\
|                             {}}
|
|  deny message       = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
|       dnslists      = black.list.example
|
| label name = end_local_blacklists
|
|  accept domains = +local_domains
|         endpass
|         message = unknown user
|         verify = recipient
|
|  accept domains = +relay_to_domains
|         endpass
|         message = unrouteable address
|         verify = recipient
|
| accept hosts = +relay_from_hosts
|
| accept authenticated = *
|
| deny message = relay not permitted

This construction allows to nicely skip acl statements denying access
to certain hosts for hosts that are in a whitelist.

Is something like this already present?

Greetings
Marc 

--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber          |   " Questions are the         | Mailadresse im Header
Karlsruhe, Germany  |     Beginning of Wisdom "     | Fon: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29



Aquest missatge es va enviar a les següents llistes de correu:
Exim-users
Informació sobre la llista de correu | Missatges propers		<-RE: [Exim] PAM problems on exim4.14 debian sargeRE: [Exim] PAM problems on exim4.14 debian sarge->
Tahini and Hummus and Cumin Development Archives administrat per cumin AdminsLurker (versió 2.3)