On Wed, 2004-04-21 at 15:48, Philip Hazel wrote:
> On Wed, 21 Apr 2004, John Horne wrote:
>
> > The MAIL ACL was:
> >
> > warn condition = ${if eq {$acl_m5} {} {true} {false} }
> > condition = ${if == {$acl_m3} {0} {true} {false} }
> > verify = sender
> > set acl_m7 = 1
>
> How do m5 and m3 get set earlier than MAIL? Is there something earlier
> in the ACL?
>
Yes there is. The m3 and m5 variablesa re used for:
# m3 is set to 1 if the sending host is locally banned; set to 2
# if the sender is locally banned; and set to 3 if the sending
# host is RBL listed;
# m5 is set to an error message if the sending host causes an error;
Both of these will cause a 'deny' in the RCPT ACL, so if any one of them
gets set the other MAIL ACL checks are skipped (hence the condition
stmts).
The full MAIL ACL is:
========================================================
acl_sender:
warn set acl_m1 = 0
set acl_m2 = 0
set acl_m3 = 0
set acl_m4 = 0
set acl_m5 =
set acl_m6 = 0
set acl_m7 = 0
accept hosts = :
set acl_m1 = 1
accept senders = :
hosts = PLYM_NET : 127.0.0.1
set acl_m1 = 1
deny hosts = PLYM_NET : 127.0.0.1
condition = ${if eq {$sender_helo_name} {} {true} {false} }
log_message = Prohibited: UoP sender not issued HELO/EHLO.
message = No HELO/EHLO issued.
warn hosts = ! PLYM_NET : ! 127.0.0.1
condition = ${if or { {match {$sender_helo_name}
{\N(?i)(^|\.)plym(outh)?\.ac\.uk$\N} } \
{match {$sender_helo_name}
{\N^(?i)(students\.)?pms\.ac\.uk$\N} } \
{eqi {$sender_helo_name}
{rsc-south-west.ac.uk} } \
{eqi {$sender_helo_name}
{gradsouthwest.com} } \
} {true} {false} }
set acl_m5 = Prohibited: Sending host HELO claims to be UoP
domain ($sender_helo_name).
warn hosts = ! PLYM_NET : ! 127.0.0.1
sender_domains = +virtual_domains : *.PLYMOUTH : localhost
set acl_m5 = Prohibited: Sender claims to be UoP.
warn condition = ${if eq {$sender_address_local_part}
{unkuoprewrite} {true} {false} }
set acl_m5 = Prohibited: Invalid sender address.
warn condition = ${if eq {$acl_m5} {} {true} {false} }
hosts = ! PLYM_NET : ! 127.0.0.1
hosts = ! TABLES/banned/networks-allow :
TABLES/banned/networks : \
! partial-lsearch;TABLES/banned/hosts-allow : \
partial-lsearch;TABLES/banned/hosts
set acl_m3 = 1
warn condition = ${if eq {$acl_m5} {} {true} {false} }
condition = ${if == {$acl_m3} {0} {true} {false} }
hosts = ! PLYM_NET : ! 127.0.0.1
senders = ! @@partial-lsearch;TABLES/banned/users-allow : \
@@partial-lsearch;TABLES/banned/users : \
! *@partial-lsearch;TABLES/banned/hosts-allow : \
*@partial-lsearch;TABLES/banned/hosts
set acl_m3 = 2
warn condition = ${if eq {$acl_m5} {} {true} {false} }
condition = ${if == {$acl_m3} {0} {true} {false} }
hosts = ! PLYM_NET : ! 127.0.0.1
hosts = ! TABLES/banned/networks-allow : \
! partial-lsearch;TABLES/banned/hosts-allow
dnslists = RBL_LIST
set acl_m3 = 3
warn condition = ${if eq {$acl_m5} {} {true} {false} }
condition = ${if == {$acl_m3} {0} {true} {false} }
verify = sender
set acl_m7 = 1
accept
========================================================
> > deny log_message = Prohibited: Sender address is unrouteable
> > message = Prohibited: Sender address is unrouteable
> > condition = ${if == {$acl_m7} {0} {true} {false} }
>
> > If I tried to verify the sender by hand then I got:
> >
> > exim -bv cmayessg@???
> > cmayessg@??? verified
>
> Did you try -bvs? (-bv verifies a recipient - ok, this is often the same)
>
Rats, no. I forgot that 'bvs' checks the sender. However, doing it now I
get the same result:
exim -bvs cmayessg@???
cmayessg@??? verified
> Did you try running a test with -bh? and with -d as well?
>
No. I'll have to rig something up because most of our checks ignore
anything within the University.
John.
--
---------------------------------------------------------------
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: John.Horne@??? Fax: +44 (0)1752 233839
