At 6:59 am +0100 2005/01/10, j2 wrote:
>>If you want to exclude for specific hosts on this one deny statement, you
>>can use !hosts = somehost before the first condition. "somehost" can be a
>>lookup, a hostname, an IP, or a file containing hostnames and/or IPs.
>
>
>I did
>
># HELO does not exist and no rdns
>
> deny condition = ${if eq {$acl_m9}{}{yes}{no}}
> condition = ${if eq {$acl_m8}{}{yes}{no}}
> message = Bad HELO: $sender_helo_name does not resolve\n\
> Aditionally, $sender_host_address has no rDNS\n\
> Please see RFC 2821 section 4.1.1.1,\n\
> RFC 1123 section 6.1.1 and RFC 1912 section 2.1
>
> !hosts = 206.124.128.61
>deny condition = ${if eq {$acl_m9}{}{no}{yes}}
> message = Forged HELO: you are $sender_host_address\n\
> please don't pretend to be $sender_helo_name
> log_message = Forged HELO: HELO does not match client ip
>
>
>
>but still
>
>Jan 10 06:57:24 statler exim: 2005-01-10 06:57:24
>H=electric.blarg.net (mail.blarg.net) [206.124.128.61] rejected EHLO
>or HELO mail.blarg.net: Forged HELO: HELO does not match client ip
did you put !hosts... before the first condition above? Literally
yes, but it goes with the previous deny! That was funny!
First of all in this case the order does not matter (conditions in a
deny are ANDed, and AND is commutative); second these conditions have
no side-effects, so you can place them as you like.
Giuliano
