[exim] does "net-lsearch" support mask-ed IP ranges, or just…

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: OpenMacNews
Dátum:  
Címzett: exim-users
Tárgy: [exim] does "net-lsearch" support mask-ed IP ranges, or just indiv IPs?
hi all,

i've

    ...
    acl_smtp_connect         = acl_check_connect
    acl_check_connect:
    drop     hosts           = net-lsearch;/path/to/ipnets.blacklist


    accept
    ...



% cat /path/to/ipnets.blacklist
    A.B.C.D/17        # TESTING ONLY



now, on telnet to my Exim from the A.B.C.D/17 net, i'd expect the connection to
be simply dropped.

rather, the condition fails, and a connection IS allowed. log output -->

    24323 Listening...
    ...
    24325 set_process_info: 24325 handling incoming connection from 
some.other.domain.com [A.B.C.XX]
    ...
    24325 using ACL "acl_check_connect"
    24325 processing "drop"
    24325 check hosts = net-lsearch;/path/to/ipnets.blacklist
    24325 search_open: lsearch "/path/to/ipnets.blacklist"
    24325 search_find: file="/path/to/ipnets.blacklist"
    24325   key="A.B.C.XX" partial=-1 affix=NULL starflags=0
    24325 LRU list:
    24325   :/path/to/ipnets.blacklist
    24325   End
    24325 internal_search_find: file="/path/to/ipnets.blacklist"
    24325   type=lsearch key="A.B.C.XX"
    24325 file lookup required for A.B.C.XX
    24325   in /path/to/ipnets.blacklist
    24325 lookup failed
    24325 host in "net-lsearch;/path/to/ipnets.blacklist"? no (end of list)
    24325 drop: condition test failed
    24325 processing "accept"
    24325 accept: condition test succeeded
    24325 SMTP>> 220 ESMTP Sat, 17 Sep 2005 13:35:04 -0700
    24325 Process 24325 is ready for new message
    24325 smtp_setup_msg entered



iiuc, per the spec & google, net-lsearch is the right choice for IP lookups.

is there an additional syntax requirement for IP masks? also, can my
'ipnets.blacklist' have a MIX of masked ranges and single IPs?

thx!

richard