Re: [exim] ACL filtering

Author: Always Learning
Date:
To: Exim Users
Subject: Re: [exim] ACL filtering

W B Hacker wrote on Fri, 23 Apr 2010 22:38:05 -0400.

> > Trying and actually succeeding are sometimes different particularly at
> > night, when one is tired and after a few alcoholic drinks.


> Nothing to do with perl or Exim, but if you don't correct THAT behavioural mix,
> it will correct YOU .. and/or one or more innocent bystanders..


I do not believe so. Lots of people drive when they are tired (tiredness
covers a range of different degrees of tiredness) and having a few
alcoholic drinks with a meal is often an easy way to relax. The problem
of driving on the 'wrong' side of the road is caused by having two
different systems in Europe. For me, the 'right' side is the 'right' side
to drive on.

Sweden changed successfully; now old, lagging-behind Britain needs to do
the same. The Brits have changed to Centigrade and measurements are now
in Napoleon's favourite format (i.e. metric). Motorways - right from the
beginning - have been built to be bi-directional (i.e. suitable for
driving on the right).

> > deny    message       = [C05] Your mailserver is misconfigured. Invalid Host Reverse Lookup. MsgX
> >         !condition    = ${if match{$sender_helo_name}{XXXXXX}}


> Absent de-obfuscation of your 'XXXX...' not sure what THAT is doing...


It is part of a tailor-made configuration.

> NB: if this clause is where it belongs - in acl_smtp_connect you do not yet
> *have* the $sender_helo_name, which is not offered to you until acl_smtp_helo.


I am quoting from my acl_smtp_rcpt.

> >         !verify       = reverse_host_lookup

> >
>
> If you have THAT, and with a 'deny' class verb, and where it belongs - in
> acl_smtp_connect phase, you should hardly ever even SEE an *unwanted* 'adsl'
> sourced connection survive it...


I have two active sections in ACL. The first is acl_smtp_rcpt and the
second is acl_smtp_data.

deny    message       = [C05] Your mailserver is misconfigured. Invalid Host Reverse Lookup. MsgX
        !condition    = ${if match{$sender_helo_name}{xxxxxx}}
        !verify       = reverse_host_lookup


comes before

deny    message       = [C06.5]  Msg6 Msg2
        hosts         = ^.*[.-_]adsl[.-_].*



Jim Cheetham suggested omitting ^.* but I have reservations about
abandoning the .* because I am unsure whether Exim will do a partial
match without .*

> But not all ARE 'unwanted', so you should add ONE of either:
>
>      condition   = ${if eq{$interface_port}{25}}

>
> or else...
>
>      !condition   = ${if eq{$interface_port}{567}}

>
> So your broadband/dialup/WiFi/traveling users can attach and login to send from
> adsl or whatever.


Our Exim is purely for sending mail directly to mail servers (and
directly to a few email programs that receive SMTP mail) and receiving
mail from normal mail servers. At the moment no
broadband/dialup/WiFi/traveling users attach to Exim.

Our Exim listens on these ports:

    daemon_smtp_ports = 25 : 465 : 587
    tls_on_connect_ports = 465


> If that is what your 'XXXX' above was for - it ain't the best way to do that.


'XXXXXX' is the best way to allow an email programme to emulate remote
mail servers for testing purposes.

Regards,

Paul.

--
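
An added example, not part of the original message or of anyone's Exim configuration: it checks what the posted `hosts` regex actually accepts and whether a match still succeeds without the surrounding `.*`. Inside a bracket expression `.-_` is a range (0x2E to 0x5F), so the hyphen itself is excluded while digits and uppercase letters are included. Assumptions: Python's `re` stands in for Exim's PCRE, `re.IGNORECASE` mirrors Exim's caseless host-name matching, and the host names are constructed; in an Exim host list the leading `^` is still needed, because that is what marks the item as a regular expression.

```python
import re

# Pattern as posted in the message, and a variant with the hyphen moved to
# the end of the class so it is a literal instead of a range operator.
POSTED = r"^.*[.-_]adsl[.-_].*"
LITERAL_HYPHEN = r"^.*[._-]adsl[._-]"
# Same class with no leading ^.* : shows whether an unanchored search
# still finds the token in the middle of the name.
UNANCHORED = r"[._-]adsl[._-]"

# Constructed host names (documentation domains), not taken from any log.
SAMPLES = [
    "host-adsl-12.example.net",
    "host.adsl.example.net",
    "ip1adsl2.example.net",
    "roadsloth.example.net",
    "mail.example.org",
]


def class_members(char_class):
    """Return the printable ASCII characters a bracket expression accepts."""
    rx = re.compile(char_class)
    return "".join(chr(c) for c in range(0x20, 0x7F) if rx.fullmatch(chr(c)))


def hits(pattern, hosts=SAMPLES, caseless=True):
    """Return the hosts the pattern matches with an unanchored search."""
    # Assumption: caseless matching, as Exim applies to host names.
    flags = re.IGNORECASE if caseless else 0
    rx = re.compile(pattern, flags)
    return [h for h in hosts if rx.search(h)]


if __name__ == "__main__":
    print("[.-_] accepts:", class_members(r"[.-_]"))
    print("[._-] accepts:", class_members(r"[._-]"))
    for name, pat in (("posted", POSTED), ("literal hyphen", LITERAL_HYPHEN),
                      ("unanchored", UNANCHORED)):
        print(f"{name:15} {pat:24} -> {hits(pat)}")
```

With the posted class, a hyphen-delimited name is missed while names with digits or (caselessly) letters next to `adsl` are rejected; the unanchored pattern returns the same hosts as the `^.*` form.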