Re: [exim] helo regexp checks

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: Dudi Goldenberg
CC: exim-users
Subject: Re: [exim] helo regexp checks
On 2008-03-17 at 01:30 +0200, Dudi Goldenberg wrote:
> I'm trying to add some regex checks like:
> /^dsl.*\..*\..*/i       553 Rejected.
> /[ax]dsl.*\..*\..*/i    553 Rejected.


If the problem is the case-insensitive part, note that you can set
internal options within the regexp itself, using (?options). In
particular, /(?i)foo/ is equivalent to /foo/i but can be set where you
can't pass flags separately from the regexp.

If the problem is writing separate rules for each, then check your Exim
version ("exim -bV"); I don't know what any given OS ships with in any
given release. If you have at least Exim 4.67, then you can use the
'forany' conditional.

  condition = ${if forany {<; \
        \N(?i)^dsl.*\..+\.\N ;\
        \N(?i)[ax]dsl.*\..*\.\N \
          }{match {$sender_helo_name}{$item}}}


I changed the list separator to ';' since it's less likely to be in any
of your regexps; ':' will be in the non-capturing grouping parentheses
(?:...|...).

> The other thing is bypassing these checks for authenticated users.
>
> Authenticated users submit mail via the submission port (587) but I see the mail going through the EHLO/HELO checks.


EHLO happens before authentication. It's the response to EHLO which
tells the client which authentication mechanisms are available.

You can check $received_port to see which port number the connection is
on. You can then later, perhaps, require that the user be authenticated
if on port 587. If you start finding yourself putting in too many
special-case rules, note that one ACL can dispatch to another, so you
can fork the logic. Details in The Exim Specification.

Regards,
-Phil