[Exim] ACLs - much confusion.

Top Page
Delete this message
Reply to this message
Author: Daniel Bye
Date:  
To: exim-users
Subject: [Exim] ACLs - much confusion.
--
Hi all,

I am having a really confusing time with Exim 4.20 on FreeBSD 4.8-STABLE
(not that I think that's particularly relevant - it's far more likely to me
that's at fault here...)

The machine in question is located at a customer's site, and works fine
apart from one small thing - two of their main correspondents
intermittently pick up IP addresses that are blacklisted at
multihop.dsbl.org. In an attempt to short circuit the ACL for the two
addresses before they get as far as the blacklist tests, I have this in
acl_check_rcpt:

  accept  senders = *@domain1.co.uk : mailbox@???
          endpass
          message = unknown user
          verify = recipient



  deny  message         = message rejected.  Sender IP address ($sender_host_address) is blacklisted at $dnslist_domain\n$dnslist_text
        dnslists        = blackholes.mail-abuse.org:\
                          dialups.mail-abuse.org:\
                          list.dsbl.org
                          multihop.dsbl.org


Testing this setup with `exim -bh <blacklisted IP address>' accepts mail
from the two domains in question, but in real life, they are still rejected
with the message from the deny ACL block, above.

In practical terms, it's not too much of a hassle - I have removed
multihop.dsbl.org from dnslists. But for my own peace of mind, can anyone
say what's happening? I understood it that an `accept' was just that - if
its conditions were met, the message would be accepted, regardless of any
subsequent `deny' blocks that would cause it to be rejected. Am I just
missing the point somewhere?

Thanks for your time,

Dan

--
Daniel Bye

PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc
PGP Key fingerprint: 3B9D 8BBB EB03 BA83 5DB4 3B88 86FC F03A 90A1 BE8F
                                                                     _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \
--
[ Content of type application/pgp-signature deleted ]
--