Sebastian Tennant wrote:
> Hi all,
>
> Try as a might, I can't get any ACLs to work.
>
> I'm using Exim 4.69 (split configuration) on a Debian box and I've edited:
>
> /etc/exim4/conf.d/acl/00_exim4_config_header
Debian - especially with split-config, has its own 'ways' and its own mailing
list. Link and details are in your on-box docs.
Meanwhile, in the MAIN section of the configure file(s), *before* 'begin acl'
the general case is that one will 're-map' the very basic default behaviour of
the built-in acl's (not much more than a naked 'accept') to your own custom
clauses - at least for any that you choose to alter.
It won't look exactly like mine, (below) and I can't personally speak for Debian
split which I'd have thought has already doine this... but here is at least an
example so you have an idea what to look for:
=====
# MAIN_6: Map Exim's core acl functions to our revised over-rides
# ELSE Exim's built-ins apply if not re-directed here.
#
acl_smtp_connect = acl_r_connect
acl_smtp_helo = acl_r_helo
acl_smtp_mail = acl_r_mail
acl_smtp_rcpt = acl_r_rcpt
acl_smtp_predata = acl_r_predata
acl_smtp_data = acl_r_data
acl_smtp_auth = acl_r_auth
=====
HTH,
Bill
>
> to read:
>
> begin acl
>
> acl_smtp_connect:
> deny
> message = Go away!
> hosts = 79.126.200.252
>
> but when I do:
>
> $ exim -bh 79.126.200.252
>
> the connection is not refused:
>
> **** SMTP testing session as if from host 79.126.200.252
> **** but without any ident (RFC 1413) callback.
> **** This is not for real!
> >>> host in hosts_connection_nolog? no (option unset)
> >>> host in host_lookup? yes (matched "*")
> >>> looking up host name for 79.126.200.252
> >>> IP address lookup using gethostbyaddr()
> >>> IP address lookup failed: h_errno=1
> LOG: no host name found for IP address 79.126.200.252
> >>> host in host_reject_connection? no (option unset)
> >>> host in sender_unqualified_hosts? no (option unset)
> >>> host in recipient_unqualified_hosts? no (option unset)
> >>> host in helo_verify_hosts? no (option unset)
> >>> host in helo_try_verify_hosts? no (option unset)
> >>> host in helo_accept_junk_hosts? no (option unset)
> 220 example.com ESMTP Exim 4.69 Fri, 11 Jun 2010 23:14:04 +0100
> quit
> 221 example.com closing connection
>
> As there's no mention of acl_smtp_connect in the output I've also tried
> creating the same stanza for host_reject_connnection, but without success.
>
> What am I doing wrong? Any help/tips much appreciated.
>
> Sebastian
>
> P.S. I'm also not having any luck adding IP addresses to
> /etc/exim4/local_host_blacklist - supposedly a pre-configured ACL in
> Debian installations...
>
