* on the Thu, Jun 07, 2007 at 11:59:13AM -0400, Dean Brooks wrote:
>>> I think you are right. How can we work around that? Can we check all IP
>>> addresses EXCEPT the last one?
>> And if the last address is my RFC1918 address connecting to my mail server
>> inside my network before relaying via a smarthost? So now you exempt the
>> last two addresses...
> This example is specifically why this cannot easily, if at all, be
> done within an ACL. You would need to walk up the list of received
> headers to find the first real address before making an evaluation,
> and even then, care has to be taken for any forged addresses/headers that
> may be present.
I disagree. This could all be done fairly easily in exim itself
without having to resort to an external program. Especially using
the latest expansion operators:
${forall}
${map}
${filter}
The messy recursive acl seen earlier in this thread was only necessary
because the ${forall} function never existed when I wrote it. A much
cleaner acl would be possible now. However, I can't be arsed to
install the latest version of exim in order to get access to these
functions just to prove a point.
> This sort of intelligence is best left to readsocket{} calls or
> imbedded perl.
Those should only be used as a last resort imo.
Mike
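
The header walk described in the quoted text above (skip RFC1918 hops, find the first real address), as an added Python illustration that is not part of the original message and is not an Exim ACL. The function names, the sample headers and the choice to return the first real address separately from the later relays are assumptions made for this example.

```python
import ipaddress
import re

# Bracketed IPv4 literal as written in Received: lines, e.g. "([192.168.1.20])".
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def hop_address(header):
    """Return the first bracketed IPv4 address in one Received header, or None."""
    match = BRACKETED_IP.search(header)
    if not match:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:  # "[999.1.1.1]" matches the regex but is not an address
        return None

def is_internal(addr):
    """True for RFC1918 and loopback addresses, which say nothing about the sender."""
    return any(addr in net for net in INTERNAL_NETS)

def split_hops(received_headers):
    """received_headers is in message order: newest first, oldest last.
    Walk from the oldest header upward, skipping internal or unparsable hops.
    Returns (origin, relays): the first real address and the real addresses after it.
    Only headers added by hosts you control are trustworthy; anything below them
    is sender-supplied text, and this function classifies it without verifying it."""
    origin, relays = None, []
    for header in reversed(received_headers):
        addr = hop_address(header)
        if addr is None or is_internal(addr):
            continue
        if origin is None:
            origin = str(addr)
        else:
            relays.append(str(addr))
    return origin, relays

# Constructed sample: a laptop on a private LAN, a home mail server, then a smarthost.
SAMPLE_HEADERS = [
    "from smarthost.example.net ([203.0.113.25]) by mx.example.org with esmtp",
    "from mail.home.example ([198.51.100.7]) by smarthost.example.net with esmtp",
    "from laptop ([192.168.1.20]) by mail.home.example with esmtp",
]

if __name__ == "__main__":
    print(split_hops(SAMPLE_HEADERS))
```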