j2 wrote:
> > # HELO does not resolve to ip
> >
> > deny condition = ${if eq {$acl_m9}{}{no}{yes}}
> > message = Forged HELO: you are $sender_host_address\n\
> > please don't pretend to be $sender_helo_name
> > log_message = Forged HELO: HELO does not match client ip
>
> It works, but if i need an exception for a few hosts, and do not want to do
> an "accept hosts" at the top of the ACL, what can i do? Thanks heaps so far
> tho!
If you want to exclude for specific hosts on this one deny statement, you
can use !hosts = somehost before the first condition. "somehost" can be a
lookup, a hostname, an IP, or a file containing hostnames and/or IPs.
On my system, I basically have 1 IP exclusion list. I have not seen a real
need to have multiples.
I personally recommend that message and log_message come before the
conditions. I have noticed on some occations that the (log_)message was
never set because of optimizations.
--
Lab tests show that use of micro$oft causes cancer in lab animals
