[Exim] verify = helo does not work in HELO ACL

Pàgina inicial
Delete this message
Reply to this message
Autor: Oliver Eikemeier
Data:  
A: exim-users
CC: Philip Hazel
Assumpte: [Exim] verify = helo does not work in HELO ACL
In exim 4 something like:

helo_try_verify_hosts = *

acl_smtp_helo    = acl_check_helo


acl_check_helo:

  deny   message    = Faked IP in HELO/EHLO
         condition  = ${if match{$sender_helo_name}{\N^\d{1,3}(\.\d{1,3}){3}$\N}{yes}{no}}
        !verify     = helo


does not work, because the helo_try_verify_hosts verification
in src/smtp_in.c is done after the helo ACL.

Does it make sense to move the ACL check after the helo_try_verify_hosts verification:

--- exim_helo.patch begins here ---
--- src/smtp_in.c.orig    Mon Sep  1 12:47:21 2003
+++ src/smtp_in.c    Mon Sep  1 12:50:05 2003
@@ -2060,19 +2060,6 @@
       break;
       }


-    /* Apply an ACL check if one is defined */
-
-    if (acl_smtp_helo != NULL)
-      {
-      rc = acl_check(ACL_WHERE_HELO, smtp_data, acl_smtp_helo, &user_msg,
-        &log_msg);
-      if (rc != OK)
-        {
-        done = smtp_handle_acl_fail(ACL_WHERE_HELO, rc, user_msg, log_msg);
-        break;
-        }
-      }
-
     /* If sender_host_unknown is true, we have got here via the -bs interface,
     not called from inetd. Otherwise, we are running an IP connection and the
     host address will be set. If the helo name is the primary name of this
@@ -2218,6 +2205,19 @@
           HDEBUG(D_all) debug_printf("%s verification failed but host is in "
             "helo_try_verify_hosts\n", hello);
           }
+        }
+      }
+
+    /* Apply an ACL check if one is defined */
+
+    if (acl_smtp_helo != NULL)
+      {
+      rc = acl_check(ACL_WHERE_HELO, smtp_data, acl_smtp_helo, &user_msg,
+        &log_msg);
+      if (rc != OK)
+        {
+        done = smtp_handle_acl_fail(ACL_WHERE_HELO, rc, user_msg, log_msg);
+        break;
         }
       }


--- exim_helo.patch ends here ---

Or is there a reason for this order I can't see?

Regards
    Oliver