RE: [Exim] Deny from all hosts except... ACL help.

Top Page
Delete this message
Reply to this message
Author: Eli
Date:  
To: 'Brett Thorson', exim-users
Subject: RE: [Exim] Deny from all hosts except... ACL help.
Well, you can go about it two ways...

One way is rather than making it a macro, make it a hostlist:

hostlist incoming_hubs = 132.151.6.1 : 132.151.1.2

Then in your ACL, use:

    hosts = !+incoming_hubs



Or, if you want to use a macro, you must define it like this:

INCOMING_HUBS = ! 132.151.6.1 : ! 132.151.1.2

And use it like this in your ACL:

    hosts = INCOMING_HUBS



Because as a macro, it just drops in the replacement, so even though you can
do:

    hosts = !INCOMING_HUBS


That is translated into:

    hosts = !132.151.6.1 : 132.151.1.2


And so it only checks for a NOT of the first IP, not the 2nd one as well.


Eli.

-----Original Message-----
From: exim-users-admin@??? [mailto:exim-users-admin@exim.org] On Behalf
Of Brett Thorson
Sent: Monday, December 22, 2003 4:11 PM
To: exim-users@???
Subject: [Exim] Deny from all hosts except... ACL help.

In my config file I have:

INCOMING_HUBS = 132.151.6.1 : 132.151.1.2

<SNIP> To ACLs


# Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
# testing for an empty sending host field.

accept hosts = :

#I want to deny all mail unless it comes from one of the MX machines

  deny    hosts = !INCOMING_HUBS
          message = use the proper MX please



and I get..


23708 Process 23708 is handling incoming connection from [211.99.153.207]
23708 LOG: smtp_connection MAIN
23708 SMTP connection from [211.99.153.207] (TCP/IP connection count = 1)
23708 Process 23708 is ready for new message
23708 using ACL "acl_check_rcpt"
23708 processing "accept"
23708 check hosts = :
23708 accept: condition test failed
23708 processing "deny"
23708 check hosts = !132.151.6.1 : 132.151.1.2
23708 deny: condition test failed


Is there something I am missing here? Do I need that "+" sign in front of
my
constant?

Basically what I am trying to do, is to tell my mail server not to talk to
anyone else except for the 2 hosts that accept all the mail for it. (Yeah,
I
know about firewalls, but I wanted exim to do it)

--Brett

--

## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
details at http://www.exim.org/ ##

---
[This E-mail scanned for viruses]



---
[This E-mail scanned for viruses]