Hi,
I would like to have some kind of local whitelist to exempt some hosts
or networks from a dnslist access list. I didn't find an option to do
so. One possible way would be the condition "condition", but I don't
see any example. What would the following acl entry do?
deny message = rejected
condition = ${host not in whitelist}
dnslists = black.list.example
Would the dnslists condition be evaluated if the host is inside the
whitelist? Would it be if it where not? Or is it only planned to have
a single condition per access list entry?
Or should one use the acl condition as some kind of a subroutine?
It would probably be a good idea to have some kind of "go to"
statement to jump down in the acl chain. That would allow something
like
|acl_check_rcpt:
| accept hosts = :
|
| deny local_parts = ^.*[@%!/|] : ^\\.
|
| warn message = X-HELO-Failed: no IP address found for HELO host $sender_helo_name
| log_message = helo failed
| !verify = helo
|
| require verify = sender
|
| warn message = X-Broken-Reverse-DNS: no host name found for IP address $sender_host_address
| !verify = reverse_host_lookup
|
| goto target = end_local_blacklists
| hosts = ${if exists{/etc/exim4/local_host_whitelist}\
| {/etc/exim4/local_host_whitelist}\
| {}}
|
| deny message = Locally blacklisted, you're out of luck
| hosts = ${if exists{/etc/exim4/local_host_blacklist}\
| {/etc/exim4/local_host_blacklist}\
| {}}
|
| deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
| dnslists = black.list.example
|
| label name = end_local_blacklists
|
| accept domains = +local_domains
| endpass
| message = unknown user
| verify = recipient
|
| accept domains = +relay_to_domains
| endpass
| message = unrouteable address
| verify = recipient
|
| accept hosts = +relay_from_hosts
|
| accept authenticated = *
|
| deny message = relay not permitted
This construction allows to nicely skip acl statements denying access
to certain hosts for hosts that are in a whitelist.
Is something like this already present?
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 32 15
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29
