On Wed, Dec 03, 2008 at 05:37:36PM +0000, Chambers, Phil wrote:
> Unfortunately, my ACLs are set to be more generic and not just set up for hotmail.com. I have a list of partial domains and corresponding regexes in a file, so I would need to re-design it completely to use dnsdb lookups. For example, I have two entries:
>
> *.hotmail.com: \.(msn|hotmail)\.com$
> *.msn.com: \.(msn|hotmail)\.com$
>
> Because, when I set it up several years ago I found that sometimes
> both hotmail.com and msn.com addresses could arrive from both
> domains!

Something like this might work then. This is very similar to what
we use and would use the generic file you mention above:

    # Macro naming the partial-domain/regex file described above
    HELO_LOOKUP_FILE=/var/exim/helo-check

    deny
      log_message = HELO MISMATCH: Forged HELO for $sender_helo_name
      # Regex listed for this HELO name (empty if the name is not listed)
      set acl_m9  = ${lookup{$sender_helo_name} \
                      partial-lsearch{HELO_LOOKUP_FILE}{$value}{}}
      condition   = ${if !eq{$acl_m9}{}}
      # The connecting host must have at least one PTR record
      condition   = ${if !eq{${lookup dnsdb{>: ptr=$sender_host_address}\
                      {$value}{}}} {}}
      # Deny only when none of the PTR names matches the regex
      condition   = ${if !forany {${lookup dnsdb{>: ptr=$sender_host_address}\
                      {$value}{}}} {match{$item}{$acl_m9}}}

This might need some testing to make sure that the regex values in $acl_m9
work properly in the match condition. I haven't tested it specifically.

--
Dean Brooks
dean@???
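
An offline model of the check discussed in this thread (reject a listed HELO name when none of the host's PTR names matches its regex), added here as an example and not part of either message. It is Python, not Exim configuration; the file contents are the two entries quoted above, the function names and PTR values are constructed, and Python's `re` is assumed to behave like Exim's PCRE for patterns this simple.

```python
import re

# Constructed copy of the lookup file, holding the two entries quoted above.
HELO_CHECK = r"""
*.hotmail.com: \.(msn|hotmail)\.com$
*.msn.com: \.(msn|hotmail)\.com$
"""

def load_lsearch(text):
    """Parse lsearch-style 'key: data' lines into a dict (keys lowercased)."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, data = line.partition(":")
        table[key.strip().lower()] = data.strip()
    return table

def partial_lookup(table, name, min_parts=2):
    """Model of partial-lsearch: try the name itself, then '*.' + name, then
    drop leading labels while at least min_parts labels remain."""
    name = name.lower()
    if name in table:
        return table[name]
    labels = name.split(".")
    while len(labels) >= min_parts:
        key = "*." + ".".join(labels)
        if key in table:
            return table[key]
        labels = labels[1:]
    return ""

def helo_forged(table, helo, ptr_names):
    """True when the deny should fire: the HELO name is listed, the host has
    PTR names, and none of them matches the regex listed for that HELO."""
    pattern = partial_lookup(table, helo)
    if not pattern or not ptr_names:
        return False
    return not any(re.search(pattern, ptr) for ptr in ptr_names)
```

Running the regexes from the real file through `helo_forged` with PTR names taken from the mail log is a quick way to confirm each pattern is anchored as intended before the ACL goes live.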