Hi all,
I'm having some trouble with my acl_smtp_rcpt ACL, basically in the acl is a
deny line which should deny all the hosts/networks in the flat file. However
for 1 ip address is seems to not work.
Here is the ACL:
#!!# ACL that is used after the RCPT command
check_recipient:
accept hosts = :
accept recipients = abuse@???
deny hosts = /tmp/spamblock-nets
deny senders = @@lsearch*;/usr/local/etc/spamblock-authors
require verify = sender
accept domains = +local_domains
accept hosts = +relay_hosts
deny message = relay not permitted
The file /tmp/spamblock-nets contains all the networks and IP
addresses *not* allowed to relay through the server. That file has 500+ lines
so I won't include it here.
Here are the last 5 line of /tmp/spamblock-nets:
#spam source
81.37.0.0/16
#spam source
84.199.21.0/24
194.183.111.85/32
Here is the output of "exim -C /tmp/configure -bh 194.183.111.85":
Note: /tmp/configure is identical to the running config except for the "deny
hosts = /tmp/spamblock-nets" line, which in the running config is "deny hosts
=
/usr/local/etc/spamblock-nets".
relay1.psi.neteu.net# /opt/IRT9exim/bin/exim -C /tmp/configure -bh
194.183.111.85
**** SMTP testing session as if from host 194.183.111.85
**** but without any ident (RFC 1413) callback.
**** This is not for real!
>>> host in hosts_connection_nolog? no (option unset)
>>> host in host_lookup? no (option unset)
>>> host in host_reject_connection? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
>>> host in recipient_unqualified_hosts? no (option unset)
>>> host in helo_verify_hosts? no (option unset)
>>> host in helo_try_verify_hosts? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)
220 relay1.psi.neteu.net ESMTP Welcome to Interoute Tue, 27 Feb 2007 16:45:34
+0100
helo 194.183.111.85
>>> 194.183.111.85 in helo_lookup_domains? no (end of list)
250 relay1.psi.neteu.net Hello 194.183.111.85 [194.183.111.85]
mail from:<pfarmer@???>
250 OK
rcpt to:<pfarmer@???>
>>> using ACL "check_recipient"
>>> processing "deny"
>>> check hosts = /tmp/spamblock-nets
>>> host in "/tmp/spamblock-nets"? no (malformed IPv4 address or address
>>> mask)
>>> deny: condition test failed
>>> processing "accept"
>>> check hosts = :
>>> host in ":"? no (end of list)
>>> accept: condition test failed
>>> processing "accept"
>>> check recipients = abuse@???
>>> pfarmer@??? in "abuse@???"? no (end of list)
>>> accept: condition test failed
>>> processing "deny"
>>> check senders = @@lsearch*;/usr/local/etc/spamblock-authors
>>> pfarmer@??? in "@@lsearch*;/usr/local/etc/spamblock-authors"?
>>> no (end of list)
>>> deny: condition test failed
>>> processing "require"
>>> check verify = sender
>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> routing pfarmer@???
>>> hashbang.org.uk in "@[] : @ :
>>> relay[1234].mail.(psinet|interoute).(nl|be|de|fr|ch|it)"? no (end of
>>> list)
>>> hashbang.org.uk in "! +local_domains"? yes (end of list)
>>> calling lookuphost router
>>> routed by lookuphost router
>>> ----------- end verify ------------
>>> require: condition test succeeded
>>> processing "accept"
>>> check domains = +local_domains
>>> hashbang.org.uk in "@[] : @ :
>>> relay[1234].mail.(psinet|interoute).(nl|be|de|fr|ch|it)"? no (end of
>>> list)
>>> hashbang.org.uk in "+local_domains"? no (end of list)
>>> accept: condition test failed
>>> processing "accept"
>>> check hosts = +relay_hosts
>>> host in "/usr/local/etc/accept-nets"? yes (matched "194.183.111.0/25" in
>>> /usr/local/etc/accept-nets)
>>> host in "+relay_hosts"? yes (matched "+relay_hosts")
>>> accept: condition test succeeded
250 Accepted
quit
221 relay1.psi.neteu.net closing connection
Thanks,
--
Peter Farmer