Re: [exim] ACL filtering

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: W B Hacker
Fecha:  
A: exim users
Asunto: Re: [exim] ACL filtering
Always Learning wrote:
> W B Hacker wrote on Fri, 23 Apr 2010 14:38:13 -0400.
>
>> In about 26 countries now, I've always tried to at least drive on the same side
>> of the road as the 'locals' do.
>
> Trying and actually succeeding are sometimes different particularly at
> night, when one is tired and after a few alcoholic drinks.


Nothing to do with perl or Exim, but if you don't correct THAT behavioural mix,
it will correct YOU .. and/or one or more innocent bystanders..

*snip*
>
> deny    message       = [C05] Your mailserver is misconfigured. Invalid
> Host Reverse Lookup. MsgX
>         !condition    = ${if match{$sender_helo_name}{XXXXXX}}


Absent de-obfuscation of your 'XXXX...' not sure what THAT is doing...

NB: if this clause is where it belongs - in acl_smtp_connect you do not yet
*have* the $sender_helo_name, which is not offered to you until acl_smtp_helo.

If that is NOT throwing errors to the log, then you have the whole clause
somewhere else - too late to do you as much good as it can do.

>         !verify       = reverse_host_lookup

>


If you have THAT, and with a 'deny' class verb, and where it belongs - in
acl_smtp_connect phase, you should hardly ever even SEE an *unwanted* 'adsl'
sourced connection survive it...

But not all ARE 'unwanted', so you should add ONE of either:

     condition   = ${if eq{$interface_port}{25}}


or else...

     !condition   = ${if eq{$interface_port}{567}}


So your broadband/dialup/WiFi/traveling users can attach and login to send from
adsl or whatever.

If that is what your 'XXXX' above was for - it ain't the best way to do that.

*snip*