Re: [exim] check_helo_slow?

Author: Jim Roberts
Date:  
To: David
CC: exim-users
Subject: Re: [exim] check_helo_slow?
----- Original Message -----
From: "David" <david@???>
To: "David Woodhouse" <dwmw2@???>
Cc: <exim-users@???>; "Rick Cooper" <rcooper@???>
Sent: Monday, January 10, 2005 10:56 AM
Subject: Re: [exim] check_helo_slow?


> Hi !!
>
>> IIRC the '$1' in isip{} won't contain the IP address extracted by the
>> match if you do it that way; it'll always end up empty. I put the
>> isip{$1} inside the result of the ${if} on purpose.
>
> in fact it could be more simple, as if the helo is enclosed in []
> then it must be an ip literal, so it must match the ip address:
>
> # Check ip literals
>
>   accept  condition     = ${if match {$sender_helo_name}\
>   {\N^\[(.*)\]$\N}{yes}{no}}
>           condition     = ${if eq{$sender_helo_name}\
>   {[$sender_host_address]}{yes}{no}}
>
>   deny    condition     = ${if match {$sender_helo_name}\
>   {\N^\[(.*)\]$\N}{yes}{no}}
>           message       = Forged HELO: you are not $sender_helo_name
>           log_message   = Forged HELO: ip does not match
>


ummm... the first condition above is rather redundant, since it must be
true if the 2nd condition is true. To put it in English:

(1) test to see if $sender_helo_name is enclosed in square brackets.
(2) test to see if $sender_helo_name matches [$sender_host_address]. (note
that this includes the square brackets!)
(3) if (1) and (2) are both true, then accept.

So it would make sense to delete the first condition.

Also, as written (as an accept condition), if it's true, then you will skip
all the rest of your ACL checks, so be careful how you order things. I
think a better way to go would be:

deny    message     = Forged HELO: you are not $sender_helo_name
        log_message = Forged HELO: ip does not match
        condition   = ${if eq{$sender_helo_name}\
                        {[$sender_host_address]}{no}{yes}}
        condition   = ${if match {$sender_helo_name}\
                        {\N^\[(.*)\]$\N}{yes}{no}}


I believe this accomplishes much the same thing, but will allow additional
ACLs to be applied after this one, if the message is NOT denied here.

Regards,
Jim Roberts
Punster Productions, Inc.
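
Added example, not part of the original message and not Exim code: a small Python model of the first-match ACL evaluation discussed above, comparing the quoted accept-then-deny pair with the single deny rule. The `later_check` rule, the `BLOCKED` address and the final `accept` are assumptions standing in for "the rest of your ACL checks".

```python
import re

# Same pattern as the ACL's \N^\[(.*)\]$\N match
LITERAL = re.compile(r"^\[(.*)\]$")
BLOCKED = {"192.0.2.66"}  # constructed sample data for the hypothetical later rule

def is_literal(conn):
    return LITERAL.match(conn["helo"]) is not None

def helo_is_own_ip(conn):
    # eq{$sender_helo_name}{[$sender_host_address]}, brackets included
    return conn["helo"] == "[" + conn["ip"] + "]"

def later_check(conn):
    # Hypothetical rule placed after the HELO check
    return conn["ip"] in BLOCKED

# Each statement is (verb, conditions); the verb applies only if all conditions hold.
ACCEPT_FIRST = [
    ("accept", [is_literal, helo_is_own_ip]),  # quoted version, statement 1
    ("deny", [is_literal]),                    # quoted version, statement 2
    ("deny", [later_check]),
    ("accept", []),                            # assumed final accept
]
DENY_ONLY = [
    ("deny", [lambda c: not helo_is_own_ip(c), is_literal]),  # single-rule version
    ("deny", [later_check]),
    ("accept", []),                            # assumed final accept
]

def run_acl(acl, conn):
    """Return (verdict, index of the deciding statement)."""
    for index, (verb, conditions) in enumerate(acl):
        if all(cond(conn) for cond in conditions):
            return verb, index
    return "deny", None  # Exim denies when an ACL runs off the end

if __name__ == "__main__":
    samples = [  # constructed connections
        {"helo": "[192.0.2.66]", "ip": "192.0.2.66"},    # honest literal, blocked host
        {"helo": "[198.51.100.7]", "ip": "192.0.2.10"},  # forged literal
        {"helo": "mail.example.org", "ip": "192.0.2.10"},
    ]
    for conn in samples:
        print(conn["helo"], run_acl(ACCEPT_FIRST, conn), run_acl(DENY_ONLY, conn))
```

The first sample is the case the reply warns about: the accept rule ends evaluation at statement 0, so the later rule never sees the host, while the deny-only form lets it through to statement 1.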