Re: [Exim] lookup type help

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MWalt Reed at <-
 
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Walt Reed
CC: exim-users
Subject: Re: [Exim] lookup type help
On Wed, 13 Aug 2003, Walt Reed wrote:

> I have a local blocklist that looks like such:
>
> 200.0.0.0/8
> 202.30.0.0/15
> *.client.comcast.net
> *.client2.attbi.com
>
> I would like to use something like this instead:
>
> 200.0.0.0/8        Rejected due to excessive spam from netblock 200/8
> 202.30.0.0/15        no access from $sender_host_address
> *.client.comcast.net    Rejected: use your ISP's mail relay
> *.client2.attbi.com    Rejected: use your ISP's mail relay

>
> Right now, I am using an ACL like this:
>   deny    ! hosts  = /etc/exim4/whitelist
>           hosts = /etc/exim4/blocklist
>           message = Rejected: $sender_host_address blocked - see http://example.com/block/

You would have to use a lookup, and because you have both names and
networks, and different kinds of network, you would have to use several
lookups. Because these need to be alternatives, you would have to use
several different statements. It all gets very messy: 

    deny    !hosts = /etc/exim4/whitelist
             hosts = partial-lsearch;/etc/exim4/blocklist


    deny    !hosts = /etc/exim4/whitelist
             hosts = net8-lsearch;/etc/exim4/blocklist


    deny    !hosts = /etc/exim4/whitelist
             hosts = net15-lsearch;/etc/exim4/blocklist


The repeated whitelist test is inefficient. It could be improved by
turning it into a named list, for which the result is cached.
Alternatively, depending on how your configuration works, you could put 

    accept  hosts = /etc/exim4/whitelist


earlier, to remove the need to keep testing.

The repeated scanning of the file is also inefficient, though you could
of course turn it into a dbm or cdb file, which would be better, and
worthwhile if there are more than, say 30 or 40 entries.

> First, is it possible to have an exim variable such as
> $sender_host_address in the data and have it expanded (not a big
> priority...)

$sender_host_address is set, but is not used directly in single-key
lookups. It is implied by the "net-" prefix to the lookup type. 

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book




This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-RE: [Exim] Masquerade needed for outbound mail.Re: [Exim] Exim 4.21 released->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)