I noticed errors of the following sort...
[ID 197553 mail.info] 2004-08-25 08:
54:54 H=[221.2.198.66] temporarily rejected connection in "connect" ACL: failed
to expand ACL string "${if >${acl_m2}{0}{$acl_m2}{0}}s": missing { after ">"
after implementing some of the suggestions in
http://slett.net/spam-filtering-for-mx
Now, after looking at the ACL, I can't see exactly what is wrong with the last
"accept" directive in acl_connect, or how it deviates from the entry in the
Final ACL in the above document. Below is the acl as it appears in my exim.conf.
*************** acl_connect **************
acl_connect:
# Record the current timestamp, in order to calculate elapsed time
# for subsequent delays.
warn
set acl_m2 = $tod_epoch
# Accept mail rec'd over local SMTP (ie. not over TCP/IP). We do this by
# testing for an empty sending host field. Also accept mails rec'd from
# hosts for which we relay mail. Recipient verification is omitted here
#
accept
hosts = : +relay_from_hosts
############################## DNS Checks #############################
#
# The results of these checks are cached, so multiple recipients does
# not translate into multiple DNS lookups.
#
############################## DNS Checks #############################
#
# deny
warn
!hosts = ${if exists {/local/etc/exim/whitelist-hosts} \
{/local/etc/exim/whitelist-hosts}}
dnslists = dnsbl.sorbs.net : \
dnsbl.njabl.org : \
cbl.abuseat.org : \
bl.spamcop.net : \
dsn.rfc-ignorant.org : \
sbl-xbl.spamhaus.org
set acl_c1 = X-DNSbl-Warning: \
$sender_host_address is listed in $dnslist_domain \
${if def:dnslist_text { ($dnslist_text)}}
# If reverse DNS lookup of the sender's host fails (ie. these is no rDNS
# entry, or a forward lookup of the resulting name does not match the
# original IP address), then reject the message.
#
# deny
warn
message = Reverse DNS lookup failed for host \
$sender_host_address.
!verify = reverse_host_lookup
set acl_m9 = Reverse DNS lookup failed for host \
$sender_host_address
set acl_c1 = X-DNS-Warning: $acl_m9
########################## End DNS Checks #############################
#
########################## End DNS Checks #############################
accept
set acl_m2 = ${if def:acl_c1 {${eval:20 + $acl_m2 - $tod_epoch}}{0}
}
delay = ${if > ${acl_m2}{0}{$acl_m2}{0}}s
*************** acl_connect **************
Now, I know that some would say I should not be implementing some (most? all?)
of these recommendations without completely and thoroughly understanding them
and I would normally agree. However, I find myself under an increasing spam
load and need to learn as I go. I just need a little assistance
finding the missing piece to this puzzle.
System is Solaris 9. Exim 4.41 w/ Exiscan 4.41-25 applied (and I'm
having some other problems with that patch and SPF support, but that's
another e-mail).
Thanks in advance!
Cheers!
--
Living in California is like driving around in a shitty loaner car.
It makes you appreciate living in some other part of the country
just that much more.
