Re: [Exim] Warn ACL with sender verify problem

Author: John Horne
Date:  
To: exim-users
Subject: Re: [Exim] Warn ACL with sender verify problem
On Wed, 2004-04-21 at 15:48, Philip Hazel wrote:
> On Wed, 21 Apr 2004, John Horne wrote:
>
> > The MAIL ACL was:
> >
> >   warn    condition = ${if eq {$acl_m5} {} {true} {false} }
> >           condition = ${if == {$acl_m3} {0} {true} {false} }
> >           verify = sender
> >           set acl_m7 = 1

>
> How do m5 and m3 get set earlier than MAIL? Is there something earlier
> in the ACL?
>

Yes there is. The m3 and m5 variables are used for:

# m3 is set to 1 if the sending host is locally banned; set to 2
# if the sender is locally banned; and set to 3 if the sending
# host is RBL listed;

# m5 is set to an error message if the sending host causes an error;

Both of these will cause a 'deny' in the RCPT ACL, so if any one of them
gets set the other MAIL ACL checks are skipped (hence the condition
stmts).

The full MAIL ACL is:

========================================================
acl_sender:
  warn    set acl_m1 = 0
          set acl_m2 = 0
          set acl_m3 = 0
          set acl_m4 = 0
          set acl_m5 =
          set acl_m6 = 0
          set acl_m7 = 0


  accept  hosts = :
          set acl_m1 = 1


  accept  senders = :
          hosts = PLYM_NET : 127.0.0.1
          set acl_m1 = 1


  deny    hosts = PLYM_NET : 127.0.0.1
          condition = ${if eq {$sender_helo_name} {} {true} {false} }
          log_message = Prohibited: UoP sender not issued HELO/EHLO.
          message = No HELO/EHLO issued.


  warn    hosts = ! PLYM_NET : ! 127.0.0.1
          condition = ${if or { {match {$sender_helo_name} \
              {\N(?i)(^|\.)plym(outh)?\.ac\.uk$\N} } \
                                {match {$sender_helo_name} \
              {\N^(?i)(students\.)?pms\.ac\.uk$\N} } \
                                {eqi {$sender_helo_name} \
                                     {rsc-south-west.ac.uk} } \
                                {eqi {$sender_helo_name} \
                                     {gradsouthwest.com} } \
                              } {true} {false} }
          set acl_m5 = Prohibited: Sending host HELO claims to be UoP \
                       domain ($sender_helo_name).


  warn    hosts = ! PLYM_NET : ! 127.0.0.1
          sender_domains = +virtual_domains : *.PLYMOUTH : localhost
          set acl_m5 = Prohibited: Sender claims to be UoP.


  warn    condition = ${if eq {$sender_address_local_part} \
                              {unkuoprewrite} {true} {false} }
          set acl_m5 = Prohibited: Invalid sender address.


  warn    condition = ${if eq {$acl_m5} {} {true} {false} }
          hosts = ! PLYM_NET : ! 127.0.0.1
          hosts = ! TABLES/banned/networks-allow : \
                  TABLES/banned/networks : \
                  ! partial-lsearch;TABLES/banned/hosts-allow : \
                  partial-lsearch;TABLES/banned/hosts
          set acl_m3 = 1


  warn    condition = ${if eq {$acl_m5} {} {true} {false} }
          condition = ${if == {$acl_m3} {0} {true} {false} }
          hosts = ! PLYM_NET : ! 127.0.0.1
          senders = ! @@partial-lsearch;TABLES/banned/users-allow : \
                    @@partial-lsearch;TABLES/banned/users : \
                    ! *@partial-lsearch;TABLES/banned/hosts-allow : \
                    *@partial-lsearch;TABLES/banned/hosts
          set acl_m3 = 2


  warn    condition = ${if eq {$acl_m5} {} {true} {false} }
          condition = ${if == {$acl_m3} {0} {true} {false} }
          hosts = ! PLYM_NET : ! 127.0.0.1
          hosts = ! TABLES/banned/networks-allow : \
                  ! partial-lsearch;TABLES/banned/hosts-allow
          dnslists = RBL_LIST
          set acl_m3 = 3


  warn    condition = ${if eq {$acl_m5} {} {true} {false} }
          condition = ${if == {$acl_m3} {0} {true} {false} }
          verify = sender
          set acl_m7 = 1


  accept
========================================================

> >   deny    log_message = Prohibited: Sender address is unrouteable
> >           message = Prohibited: Sender address is unrouteable
> >           condition = ${if == {$acl_m7} {0} {true} {false} }

>
> > If I tried to verify the sender by hand then I got:
> >
> > exim -bv cmayessg@???
> > cmayessg@??? verified
>
> Did you try -bvs? (-bv verifies a recipient - ok, this is often the same)
>

Rats, no. I forgot that 'bvs' checks the sender. However, doing it now I
get the same result:

exim -bvs cmayessg@???
cmayessg@??? verified

> Did you try running a test with -bh? and with -d as well?
>

No. I'll have to rig something up because most of our checks ignore
anything within the University.


John.

--
---------------------------------------------------------------
John Horne, University of Plymouth, UK  Tel: +44 (0)1752 233914
E-mail: John.Horne@???       Fax: +44 (0)1752 233839
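
The flag logic of the acl_sender ACL quoted in this message, as an added Python model that is not part of the original message and is not Exim code. It assumes every ACL test is reduced to a constructed boolean input, and it shows that acl_m7 is 0 both when sender verification fails and when verification was never attempted. The names Conn, acl_sender and m7_meaning are hypothetical.

```python
# Constructed model (not Exim code) of the acl_sender flag logic quoted above.
from dataclasses import dataclass

@dataclass
class Conn:
    """Constructed inputs: one field per test the quoted ACL performs."""
    no_host: bool = False          # hosts = :  (no remote host)
    local_host: bool = False       # hosts = PLYM_NET : 127.0.0.1
    null_sender: bool = False      # senders = :
    helo: str = "mail.example.net" # constructed HELO name
    claims_uop_helo: bool = False  # HELO matches one of the UoP names
    claims_uop_sender: bool = False
    bad_local_part: bool = False   # local part is "unkuoprewrite"
    host_banned: bool = False
    sender_banned: bool = False
    rbl_listed: bool = False
    sender_verifies: bool = True   # outcome of "verify = sender"

def acl_sender(c: Conn):
    """Return (verdict, variables) after the MAIL ACL, statement by statement."""
    m = {"m1": 0, "m3": 0, "m5": "", "m7": 0}
    if c.no_host or (c.null_sender and c.local_host):
        m["m1"] = 1
        return "accept", m                      # later statements never run
    if c.local_host and c.helo == "":
        return "deny", m
    remote = not c.local_host
    if remote and c.claims_uop_helo:
        m["m5"] = "Sending host HELO claims to be UoP domain"
    if remote and c.claims_uop_sender:
        m["m5"] = "Sender claims to be UoP"
    if c.bad_local_part:
        m["m5"] = "Invalid sender address"
    clean = lambda: m["m5"] == "" and m["m3"] == 0
    if m["m5"] == "" and remote and c.host_banned:
        m["m3"] = 1
    if clean() and remote and c.sender_banned:
        m["m3"] = 2
    if clean() and remote and c.rbl_listed:
        m["m3"] = 3
    if clean() and c.sender_verifies:           # verify = sender only runs here
        m["m7"] = 1
    return "accept", m

def m7_meaning(c: Conn) -> str:
    """Classify what acl_m7 tells a later ACL for this connection."""
    verdict, m = acl_sender(c)
    if verdict == "deny":
        return "rejected at MAIL"
    if m["m7"] == 1:
        return "verified"
    if m["m1"] == 1 or m["m5"] or m["m3"]:
        return "verify skipped"
    return "verify failed"
```

The RCPT ACL is not shown in full in the thread, so the model stops at the variables: a later test on acl_m7 alone cannot tell "verify skipped" from "verify failed".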