> > > > Get rid of the above one - it serves no useful purpose. Or please
> > > > explain how it is supposed to work. The check below does what you need
> > > > if I understand your logic correctly.
> > > >
> > > > > deny hosts = ! /mail/exim/files/net_reject_except : \
> > > > > +include_unknown:partial-lsearch;/mail/exim/files/host_reject : \
> > > > > /mail/exim/files/net_reject
> > > >
> > > > This part seems ok. Can you show some examples on what net_reject_except,
> > > > host_reject and net_reject files contain?
> >
> > As I said in a mail sent yesterday, this is not ok unless you want to
> > reject RCPT commands from hosts that are not whitelisted by
> > net_reject_except and whose IP address does't resolve to a hostname (and
> > also hosts listed in host_reject and net_reject of course).
> >
>
> A bit puzzled here about what to do without offending various ISPs.
> If I leave +include_unknown, then it falls apart as so many
> machines in the net don't resolve to hostname.
>
> What are the views of people who are using Exim 4.1x with ACL?
On my system at home, I removed the +include_unknown because it caused
problems. In the above deny, you're saying this:
Allow hosts that are in /mail/exim/files/net_reject_except,
deny hosts that have no hostname,
deny hosts (by name) that are listed in /mail/exim/files/host_reject,
and finally deny hosts in /mail/exim/files/net_reject
This could be part of your problem. Try removing +include_unknown and see
what happens.
