On Thu, 2003-05-29 at 14:44, Alan J. Flavell wrote:
> On Thu, 29 May 2003, Ron McKeating wrote:
>
> > Hang on a minute, are you saying if an IP address is in DUL and one of
> > the others it will get through.
>
> What I'm saying is that if your entry is nothing more than:
>
> deny dnslists = rbl-plus.mail-abuse.ja.net=127.1.0.13
>
> then it'll deny only when the lookup is precisely 127.1.0.13
>
> If you want to deny other combinations too, then you'll need to
> enumerate them, or try something more clever. Thinks...
>
> Would it be possible to have an ACL entry with two dnslists clauses in
> it? - like
>
> deny dnslists = ! rbl-plus.mail-abuse.ja.net=127.1.0.2
> dnslists = rbl-plus.mail-abuse.ja.net
>
Yes this would be ideal.
> I'd have thought that would let through those who are listed solely
> in the DUL, and blocked all other listed IPs (even those that are also
> listed in the DUL). Or am I missing a beat?
>
> > My understanding was that if I used
> > 127.1.0.13 it would hit any ip addr that was in any of those lists.
>
> That isn't what the documentation says, is it?
>
> http://www.exim.org/exim-html-4.20/doc/html/spec_37.html#IX2185
>
> <quote>
> For example,
>
> deny dnslists = rblplus.mail-abuse.org=127.0.0.2
>
> rejects only those hosts that yield 127.0.0.2.
> </>
>
> > Confused :-(
>
> Don't be afraid to read the documentation whenever the symptoms recur
> ;-}
>
Yes well between Phils' new book and
http://www.ja.net/CERT/JANET-CERT/mail/mail-abuse/rbl-plus-guide.html#otherMAPS
I am reading lots of documentation, sometimes it can be a little
confusing though.
Am I right in thinking that if I want all combinations except 127.1.0.2
then I need to specifically put in the following
127.1.0.1 RBL 127.1.0.3 DULRBL 127.1.0.4 RSS 127.1.0.5 RSS RBL
127.1.0.6 RSSDUL 127.1.0.7 RSSDULRBL 127.1.0.8 OPS 127.1.0.9 OPS RBL
127.1.0.10 OPS DUL 127.1.0.11 OPS DULRBL 127.1.0.12 OPSRSS 127.1.0.13
OPSRSS RBL 127.1.0.14 OPSRSSDUL 127.1.0.15 OPSRSSDULRBL
that is what seems to be implied from the above web page and what you
say.
> Now, I have to correct my earlier remark:
>
> > > I was
> > > reading a mail on this list under a different thread only a short time
> > > ago which discussed this, and I thought gave a usable recipe, no?
>
> In fact, I had misremembered scan-reading the thread "dnslists acl
> wishlist", and the recipe had involved a patch, rather than simple
> configuration. I guess a simple enumeration is what you want, after
> all.
--
Ron McKeating
Senior IT Services Specialist
Internet Services and Software Solutions
Loughborough University
01509 222329