Re: [Exim] ACL rule perfection

Top Page
Delete this message
Reply to this message
Author: Richard.Hall
Date:  
To: exim-users
Subject: Re: [Exim] ACL rule perfection
On Sat, 21 Feb 2004, Odhiambo G. Washington wrote:

> Hello all,
>
> I'd like to request for some help with this condition:
> Sp far it doesn't seem to work at all.
>
> condition     = ${if and { \
>                          {eq {$sender_helo_name}{outblaze.com}}\
>                          {match {$h_Received:}{.*mr.outblaze.com}} \
>                          }\
>                          {yes}{no}}

>
> Is it correct, especially with regard to the $h_Received?
> Is it wise to AND or OR the two sub conditions? I am think now that they
> may not always be true so OR-ing is much likely to work better than
> AND-ing.


Well, given that Suresh originally wrote

> > 1. If you see ".mr.outblaze.com" in any Received: header --> forged spam.
> >
> > 2. If you see HELO mail.com, HELO email.com etc --> forged spam


then yes, you should use OR so that either condition will trigger it.

To make the 'match' fit Suresh' condition exactly, I think you would need

    {match {$h_Received:} {\N\.mr\.outblaze\.com\N}} \


(The \N...\N prevents string expansion, which saves you messing around
with doubling the other backslashes).

Of course, you will get false positives on things like
    somehost.mr.outblaze.compost.com
- you need to decide how much that would matter to you.


Untested, YMMV, HTH, etc

Richard