Re: [exim] How would you do this?

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Phil Pennock
Datum:  
To: Marc Perkel, exim-user
Betreff: Re: [exim] How would you do this?
On 2008-09-21 at 16:07 -0700, Phil Pennock wrote:
> On 2008-09-21 at 15:49 -0700, Marc Perkel wrote:
> > Looking up NZ records as follows:
> >
> > set acl_c_ns = ${lookup dnsdb{ns=$acl_c_sender_host_domain}{$value}fail}
> >
> > But what I want to do is look up each nameserver to see if any match a
> > black list. How would I do that?
>
> forany{<list>}{<condition>}


Oh, right, there's no dnsbl{} expansion. Perhaps there should be,
returning something ${extract...}-able.

Okay, use zns (to deal with mail domains which are sub-domains of where
the zone cut is), map an A lookup, accept that this won't support IPv6
and get by with this, pending a future Exim release to do things
"better". (I have no time to write a patch today)

This first uses 0.0.0.0 as a dummy unmatched value for cases where there
is no A record (ns-nl1.globnix.net is one of mine which only has AAAA,
or cases where it's a broken delegation) by way of demonstration.

Your base is to make a list of the IP addresses:
${map{${lookup dnsdb{>: zns=$acl_c_sender_host_domain}}}{${lookup dnsdb{>: a=$item}{$value}{0.0.0.0}}}}
and assign it to, say, acl_c_nsips which will let you just use
$acl_c_nsips for the list of all IP addresses (with optional bogus
0.0.0.0 in there).

Eg, looking for mail.spodhuis.org (pretending it's a mail domain):
212.13.204.40:0.0.0.0:70.85.31.202:193.202.115.177:193.201.200.77

So let's strip those bogus entries now that this demonstrates why I'm
filtering:
set acl_c_nsips = ${filter {${map{${lookup dnsdb{>: zns=$acl_c_sender_host_domain}}}{${lookup dnsdb{>: a=$item}}}}}{!eq{$item}{}}}

So then:
set acl_c_nsips_rev = ${map{$acl_c_nsips}{${if match{$item}{\N^(\d+)\.(\d+)\.(\d+)\.(\d+)$\N}{$4.$3.$2.$1}}}}

Now you have a list of the reverse-dotted-quad IPv4 addresses of the NS
resolvers for the first NS found walking up DNS from the mail domain.

Now you use forany. :)

${if forany{$acl_c_nsips_rev}{!eq{${lookup dnsdb{a=$item.zen.spamhaus.org}}}{}} {EVIL}{grudging-pass}}

Regards,
-Phil