Matt wrote:
> In the past I have tried to block/defer users with no reverse DNS in
> exim.conf. Tried both the following.
>
> # : no reverse dns
> #defer
> # !hosts = net-lsearch;/etc/virtual/pophosts :
> /etc/virtual/relay_ips : 127.0.0.1
> # !verify = reverse_host_lookup
> # message = Reverse DNS lookup failed for host
> $sender_host_address
>
> #defer
> #!condition = ${lookup dnsdb{defer_never,ptr=$sender_host_address}{yes}}
> #!hosts = net-lsearch;/etc/virtual/pophosts :
> /etc/virtual/relay_ips : 127.0.0.1
> # message = Reverse DNS lookup failed for host $sender_host_address
>
> I want to block users with no reverse DNS except my users trying to
> relay or authenticated users. It seems to block all users with no
> reverse DNS including those in pophosts. Any idea what I am doing
> wrong?
>
> Matt
>
I use a simple:
!condition = <whatever defines my AUTH'ed user community>
Where my right-side includes being successfully AUTH'ed, on the assigned
port, and with the expected protocol.
CAVEAT: This means delaying the deny/drop/defer test until such time as
conditionals and exceptions can be / have been tested.
IOW - you can't do it right away in the initial acl_smtp_connect, you
have to store the flags and wait until HELO time or even later.
HTH,
Bill
