[Exim] off error with dnslists ACL

Author: Giuliano Gavazzi
Date:  
To: exim-users
Subject: [Exim] off error with dnslists ACL
An odd blip happened today while evaluating my antispam acls:

...
warn    dnslists    = dynablock.easynet.nl
        set acl_c5 = 6
        set acl_m2 = $acl_m2 YOUR SERVER ADDRESS $sender_host_address IS BLACKLISTED AT $dnslist_domain\n$dnslist_text\n
        set acl_m4 = ${eval: $acl_m4+1}
        set acl_c4 = 0

warn    dnslists    = opm.blitzed.org
        set acl_c5 = 4
        set acl_m2 = $acl_m2 YOUR SERVER ADDRESS $sender_host_address IS BLACKLISTED AT $dnslist_domain\n$dnslist_text\n
        set acl_m4 = ${eval: $acl_m4+1}
...


[ignore the fact that I stupidly put the lower score after the
higher, as acl_c5 should store the highest positive RBL].

I received a message from a server on a dynamic ip; the ip was listed
at dynablock.easynet.nl, and indeed in named logs I have:

Oct 19 13:26:19.042 queries: info: client 127.0.0.1#53295: query: 238.125.165.165.in-addr.arpa IN PTR
Oct 19 13:26:23.424 queries: info: client 127.0.0.1#63518: query: 238.125.165.165.bl.spamcop.net IN A
Oct 19 13:26:23.561 queries: info: client 127.0.0.1#63519: query: 238.125.165.165.dnsbl.njabl.org IN A
Oct 19 13:26:23.692 queries: info: client 127.0.0.1#63520: query: 238.125.165.165.cbl.abuseat.org IN A
Oct 19 13:26:25.853 queries: info: client 127.0.0.1#63521: query: 238.125.165.165.dynablock.easynet.nl IN A
Oct 19 13:26:25.894 queries: info: client 127.0.0.1#63522: query: 238.125.165.165.dynablock.easynet.nl IN TXT
Oct 19 13:26:25.939 queries: info: client 127.0.0.1#63523: query: 238.125.165.165.opm.blitzed.org IN A
Oct 19 13:26:26.058 queries: info: client 127.0.0.1#63524: query: 238.125.165.165.relays.ordb.org IN A
Oct 19 13:26:26.124 queries: info: client 127.0.0.1#63525: query: 238.125.165.165.sbl.spamhaus.org IN A

the TXT record indicates the only RBL that resulted positive.

But in exim logs I got the wrong value for acl_c5:


2003-10-19 13:26:33 HN07W8-000FZJ-74 H=tbnb-125-238.telkomadsl.co.za
(messianic.dyndns.org) [165.165.125.238] Warning: DATA SPAM
FLAGS:0;0;0;0;0;4;0;0;0;0; SCORE: 7 RBLS: 1

                 ^ this is acl_c5
It looks as if the subsequent warn, which should have failed, set the
acl_c5, overwriting the previous value.


I immediately ran exim -bh 165.165.125.238 and got:

...
>>>  processing "warn"
>>>  check dnslists = dynablock.easynet.nl
>>>  DNS list check: dynablock.easynet.nl
>>>  new DNS lookup for 238.125.165.165.dynablock.easynet.nl
>>>  DNS lookup for 238.125.165.165.dynablock.easynet.nl succeeded
>>>  => that means 165.165.125.238 is listed at dynablock.easynet.nl
>>>  check set = 6
>>>  check set = $acl_m2 YOUR SERVER ADDRESS $sender_host_address IS
>>>BLACKLISTED AT $dnslist_domain\n$dnslist_text\n
>>>            =  YOUR SERVER ADDRESS 165.165.125.238 IS BLACKLISTED
>>>AT dynablock.easynet.nl
>>>  Dynamic/Residential IP range listed by easynet.nl DynaBlock -
>>>http://dynablock.easynet.nl/errors.html

>>>
>>>  check set = ${eval: $acl_m4+1}
>>>            = 1
>>>  check set = 0
>>>  warn: condition test succeeded
>>>  processing "warn"
>>>  check dnslists = opm.blitzed.org
>>>  DNS list check: opm.blitzed.org
>>>  new DNS lookup for 238.125.165.165.opm.blitzed.org
>>>  DNS lookup for 238.125.165.165.opm.blitzed.org failed
>>>  => that means 165.165.125.238 is not listed at opm.blitzed.org
>>>  warn: condition test failed

...
LOG: HN0BRM-000G3N-EZ H=tbnb-125-238.telkomadsl.co.za
(messianic.dyndns.org) [165.165.125.238] Warning: DATA SPAM
FLAGS:0;0;0;0;0;6;0;0;0;0; SCORE: 9 RBLS: 1

that indeed gives the correct value.

What could have happened? This just does not make sense. Perhaps time
to reboot...

Giuliano
--
H U M P H
    || |||
  software


Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/
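
Added example, not part of the original post: a Python cross-check of the named query log against the Exim log line, using the post's observation that only the list that matched is followed by a TXT query. The function names are hypothetical and the sample is the post's log excerpt, unwrapped and embedded as constructed input.

```python
import re
from collections import OrderedDict

# Constructed sample: the named query-log lines quoted in the post, unwrapped.
SAMPLE_LOG = """\
Oct 19 13:26:19.042 queries: info: client 127.0.0.1#53295: query: 238.125.165.165.in-addr.arpa IN PTR
Oct 19 13:26:23.424 queries: info: client 127.0.0.1#63518: query: 238.125.165.165.bl.spamcop.net IN A
Oct 19 13:26:23.561 queries: info: client 127.0.0.1#63519: query: 238.125.165.165.dnsbl.njabl.org IN A
Oct 19 13:26:23.692 queries: info: client 127.0.0.1#63520: query: 238.125.165.165.cbl.abuseat.org IN A
Oct 19 13:26:25.853 queries: info: client 127.0.0.1#63521: query: 238.125.165.165.dynablock.easynet.nl IN A
Oct 19 13:26:25.894 queries: info: client 127.0.0.1#63522: query: 238.125.165.165.dynablock.easynet.nl IN TXT
Oct 19 13:26:25.939 queries: info: client 127.0.0.1#63523: query: 238.125.165.165.opm.blitzed.org IN A
Oct 19 13:26:26.058 queries: info: client 127.0.0.1#63524: query: 238.125.165.165.relays.ordb.org IN A
Oct 19 13:26:26.124 queries: info: client 127.0.0.1#63525: query: 238.125.165.165.sbl.spamhaus.org IN A
"""

QUERY_RE = re.compile(r"query: (?P<name>\S+) IN (?P<rtype>[A-Z]+)\s*$")


def reversed_ip(ip):
    """Return the octet-reversed form used as the DNSBL query prefix."""
    return ".".join(reversed(ip.split(".")))


def dnsbl_queries(log_text, ip):
    """Map each DNSBL zone queried for `ip` to the record types seen, in log order."""
    prefix = reversed_ip(ip) + "."
    zones = OrderedDict()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line (or wrapped/garbled): skip it
        name = m.group("name").rstrip(".").lower()
        if not name.startswith(prefix):
            continue  # query for some other host
        zone = name[len(prefix):]
        if zone.endswith(".arpa"):
            continue  # reverse (PTR) lookup, not a DNSBL zone
        zones.setdefault(zone, set()).add(m.group("rtype"))
    return zones


def positive_zones(log_text, ip):
    """Zones with both an A and a TXT query: presumed hits (assumption from the post)."""
    return [z for z, t in dnsbl_queries(log_text, ip).items() if {"A", "TXT"} <= t]
```

For 165.165.125.238 this reports only dynablock.easynet.nl as a hit, which matches the -bh run (acl_c5 = 6) rather than the logged value of 4.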