[exim] Anti-Spam ACL problem : failed to expand ACL string

Top Pagina
Delete this message
Reply to this message
Auteur: Khyron
Datum:  
Aan: exim-users
Onderwerp: [exim] Anti-Spam ACL problem : failed to expand ACL string
I noticed errors of the following sort...

[ID 197553 mail.info] 2004-08-25 08:
54:54 H=[221.2.198.66] temporarily rejected connection in "connect" ACL: failed
to expand ACL string "${if >${acl_m2}{0}{$acl_m2}{0}}s": missing { after ">"

after implementing some of the suggestions in
http://slett.net/spam-filtering-for-mx

Now, after looking at the ACL, I can't see exactly what is wrong with the last
"accept" directive in acl_connect, or how it deviates from the entry in the
Final ACL in the above document. Below is the acl as it appears in my exim.conf.

*************** acl_connect **************

acl_connect:

  # Record the current timestamp, in order to calculate elapsed time
  # for subsequent delays.
  warn
    set acl_m2          = $tod_epoch


  # Accept mail rec'd over local SMTP (ie. not over TCP/IP). We do this by
  # testing for an empty sending host field. Also accept mails rec'd from
  # hosts for which we relay mail. Recipient verification is omitted here
  #
  accept
    hosts               = : +relay_from_hosts


  ############################## DNS Checks #############################
  #
  # The results of these checks are cached, so multiple recipients does
  # not translate into multiple DNS lookups.
  #
  ############################## DNS Checks #############################
  #
  # deny
  warn
    !hosts              = ${if exists {/local/etc/exim/whitelist-hosts} \
                                      {/local/etc/exim/whitelist-hosts}}
    dnslists            = dnsbl.sorbs.net : \
                          dnsbl.njabl.org : \
                          cbl.abuseat.org : \
                          bl.spamcop.net : \
                          dsn.rfc-ignorant.org : \
                          sbl-xbl.spamhaus.org
    set acl_c1          = X-DNSbl-Warning: \
                          $sender_host_address is listed in $dnslist_domain \
                          ${if def:dnslist_text { ($dnslist_text)}}


  # If reverse DNS lookup of the sender's host fails (ie. these is no rDNS
  # entry, or a forward lookup of the resulting name does not match the
  # original IP address), then reject the message.
  #
  # deny
  warn
    message             = Reverse DNS lookup failed for host \
                          $sender_host_address.
    !verify             = reverse_host_lookup
    set acl_m9          = Reverse DNS lookup failed for host \
                          $sender_host_address
    set acl_c1          = X-DNS-Warning: $acl_m9


########################## End DNS Checks #############################
#
########################## End DNS Checks #############################

  accept
    set acl_m2          = ${if def:acl_c1 {${eval:20 + $acl_m2 - $tod_epoch}}{0}
}
    delay               = ${if > ${acl_m2}{0}{$acl_m2}{0}}s


*************** acl_connect **************

Now, I know that some would say I should not be implementing some (most? all?)
of these recommendations without completely and thoroughly understanding them
and I would normally agree. However, I find myself under an increasing spam
load and need to learn as I go. I just need a little assistance
finding the missing piece to this puzzle.

System is Solaris 9. Exim 4.41 w/ Exiscan 4.41-25 applied (and I'm
having some other problems with that patch and SPF support, but that's
another e-mail).

Thanks in advance!

Cheers!


--
Living in California is like driving around in a shitty loaner car.
It makes you appreciate living in some other part of the country
just that much more.