> > > acl_smtp_mail = check_sender
> > >
> > > check_sender:
> > > deny message = bad sender
> > > condition = ${lookup{${domain:${sender_address}}}lsearch{/usr/exim/verify_domains}{yes}{no}}
> > > condition = ${lookup{${lc:${sender_address}}}dbm{/usr/exim/exch-user-table.db}{no}{yes}}
> > > accept
> > >
> > > This blocks most mail I was expecting it to but a few unknown senders
> > > seem to get through each day. If I run exim -bh with the same sender
> > > address that got through it is failed by the acl.
> > >
> > > Is there a way that some mail can avoid this acl?
> >
> > Non-SMTP mail?
> >
>
> The mail is smtp.
>
> 2004-09-20 09:15:42 SMTP connection from [151.100.114.249] (TCP/IP connection count = 7)
> 2004-09-20 09:15:43 1C9JKp-00030l-AD <= E4D0A20B9E9ED4118E3C00508BEED17106D7FA3A@??? H=(mendel.com) [151.100.114.249] P=smtp S=30645 id=quueoqhbqzvsvvcngtu@??? T="Forum notify"
> 2004-09-20 09:15:43 SMTP connection from (mendel.com) [151.100.114.249] lost
>
> 2004-09-20 07:45:50 SMTP connection from [217.10.222.202] (TCP/IP connection count = 6)
> 2004-09-20 07:47:58 1C9Hw2-0005h6-B1 <= 194E4E81F995D411989200508BDCD8F3016D8B34@??? H=(Stefania.org) [217.10.222.202] P=smtp S=28455 id=gfylvnpsswemzlgkfou@??? T="RE: Protected message"
> 2004-09-20 07:48:00 SMTP connection from (Stefania.org) [217.10.222.202] lost
>
> The examples above seem to be mails generated by the bagel-AA virus. The
> sending addresses are invalid and fail if I try them by hand.
>
> I must be missing something but I can't spot it.
>
It was a poorly designed ACL.
The mails were not coming in from baduser@??? but
baduser@??? which got through my ACL and were then
rewritten as baduser@??? by my rewrite rules.
Brandon
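
The gap described in the last message, as an added Python model (not part of the original thread, and not Exim configuration): the sender test runs on the address as given at MAIL FROM, so an address in a domain that is only later rewritten into the protected domain is never compared against the user table. The domains, the user entry and the rewrite rule are constructed placeholders, since the thread masks the real ones as `???`.

```python
import re

# Constructed stand-ins: the thread masks the real domains as "???".
VERIFY_DOMAINS = {"example.com"}        # plays the role of /usr/exim/verify_domains
USER_TABLE = {"alice@example.com"}      # plays the role of exch-user-table.db
# Hypothetical rewrite rule: an alias domain is folded into the protected one.
REWRITE_RULES = [(re.compile(r"^(.+)@mail\.example\.com$"), r"\1@example.com")]


def rewrite(address):
    """Return the address as it looks after the (hypothetical) rewrite rules."""
    address = address.lower()
    for pattern, replacement in REWRITE_RULES:
        address = pattern.sub(replacement, address)
    return address


def acl_as_posted(sender):
    """Model of check_sender: deny when the domain is listed AND the user is unknown."""
    sender = sender.lower()  # simplification: the posted ACL lowercases only the dbm key
    domain = sender.rpartition("@")[2]
    if domain in VERIFY_DOMAINS and sender not in USER_TABLE:
        return "deny"
    return "accept"


def acl_on_rewritten_form(sender):
    """Same test, applied to the form the address will have after rewriting."""
    return acl_as_posted(rewrite(sender))


def find_gaps(senders):
    """Senders the posted ACL accepts although their rewritten form would be denied."""
    return [s for s in senders
            if acl_as_posted(s) == "accept" and acl_on_rewritten_form(s) == "deny"]


if __name__ == "__main__":
    samples = ["baduser@example.com", "baduser@mail.example.com",
               "alice@mail.example.com", "someone@elsewhere.test"]
    for s in samples:
        print(f"{s:28} -> {rewrite(s):22} posted={acl_as_posted(s):6} "
              f"rewritten={acl_on_rewritten_form(s)}")
    print("gaps:", find_gaps(samples))
```

Running `find_gaps` over sender addresses taken from the main log is a quick way to see which accepted senders only became local-looking after rewriting.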