hi all,
i've
...
acl_smtp_connect = acl_check_connect
acl_check_connect:
  drop hosts = net-lsearch;/path/to/ipnets.blacklist
  accept
...
% cat /path/to/ipnets.blacklist
A.B.C.D/17 # TESTING ONLY
now, on telnet to my Exim from the A.B.C.D/17 net, i'd expect the connection to
be simply dropped.
rather, the condition fails, and a connection IS allowed. log output -->
24323 Listening...
...
24325 set_process_info: 24325 handling incoming connection from some.other.domain.com [A.B.C.XX]
...
24325 using ACL "acl_check_connect"
24325 processing "drop"
24325 check hosts = net-lsearch;/path/to/ipnets.blacklist
24325 search_open: lsearch "/path/to/ipnets.blacklist"
24325 search_find: file="/path/to/ipnets.blacklist"
24325 key="A.B.C.XX" partial=-1 affix=NULL starflags=0
24325 LRU list:
24325 :/path/to/ipnets.blacklist
24325 End
24325 internal_search_find: file="/path/to/ipnets.blacklist"
24325 type=lsearch key="A.B.C.XX"
24325 file lookup required for A.B.C.XX
24325 in /path/to/ipnets.blacklist
24325 lookup failed
24325 host in "net-lsearch;/path/to/ipnets.blacklist"? no (end of list)
24325 drop: condition test failed
24325 processing "accept"
24325 accept: condition test succeeded
24325 SMTP>> 220 ESMTP Sat, 17 Sep 2005 13:35:04 -0700
24325 Process 24325 is ready for new message
24325 smtp_setup_msg entered
iiuc, per the spec & google, net-lsearch is the right choice for IP lookups.
is there an additional syntax requirement for IP masks? also, can my
'ipnets.blacklist' have a MIX of masked ranges and single IPs?
thx!
richard
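
An added Python model (not part of the original post, and not Exim code) of the key comparison visible in the debug log above: per the Exim specification, `net-lsearch` looks up the complete host address as a plain string, while `net<N>-lsearch` looks up the masked address with `/<N>` appended. The addresses, file contents and function names are constructed for illustration; IPv4 only.

```python
import ipaddress
import re

# Constructed sample blacklist (reserved test ranges, not values from the post):
# one masked network and one single address, i.e. the "mix" the post asks about.
BLACKLIST = """\
# comment line
198.18.0.0/17   # TESTING ONLY
192.0.2.25
"""

def lsearch_keys(text):
    """Keys of an lsearch-style file: text up to the first colon or whitespace."""
    keys = set()
    for line in text.splitlines():
        if not line.strip() or line[0] == "#" or line[0].isspace():
            continue  # blank, comment, or continuation line
        keys.add(re.split(r"[:\s]", line, maxsplit=1)[0])
    return keys

def lookup_key(host_ip, mask_len=None):
    """Key string for net-<type> (mask_len=None) or net<N>-<type>."""
    if mask_len is None:
        return host_ip  # complete address, as in key="A.B.C.XX" in the log
    net = ipaddress.ip_network(f"{host_ip}/{mask_len}", strict=False)
    return f"{net.network_address}/{mask_len}"

def single_key_match(host_ip, keys, mask_len=None):
    """Exact string comparison of one key, which is all a single-key lookup does."""
    return lookup_key(host_ip, mask_len) in keys

def cidr_aware_match(host_ip, keys):
    """Read every key as a network (bare address = /32) and test membership."""
    addr = ipaddress.ip_address(host_ip)
    return any(addr in ipaddress.ip_network(k, strict=False) for k in keys)

if __name__ == "__main__":
    keys = lsearch_keys(BLACKLIST)
    for ip in ("198.18.5.9", "192.0.2.25", "203.0.113.7"):
        print(ip,
              "net-lsearch:", single_key_match(ip, keys),
              "net17-lsearch:", single_key_match(ip, keys, 17),
              "cidr-aware:", cidr_aware_match(ip, keys))
```

A file that mixes masked ranges and single addresses needs the CIDR-aware comparison; Exim documents the `iplsearch` lookup type (written `net-iplsearch;` in a host list) and plain host-list files for that case.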