Re: [exim] ACL deny senders

Góra strony
Delete this message
Reply to this message
Autor: W B Hacker
Data:  
Dla: exim users
Temat: Re: [exim] ACL deny senders
SW & Work SaS wrote:
> Hello
>
> Thanks to your help I've done some step with the rules I'd like to setup
>
> in this case I would like to deny messages coming from certain users or
> certain domains
> but, as the users/domains can change a little, just keeping a base I would
> like to see if there's a match with part of the string
>
> I came to this
>
>
>    deny
>      condition =
> ${lookup{$sender_address}wildlsearch{/etc/myaclsenderdeny}{yes}{no}}
>      message = TO $header_to is unwelcome_01 - SUBJECT: $header_subject

>
>
> myaclsenderdny is a text file that contains the strings to look for in the
> $sender_address that, if I've understood, is the same as $header_from (from
> field)


No - not necessarily.

If you want to match on $header_from:, you will need to so specify.

Keep in mind that not all information is available 'early'.

> the strings are contained one per row
> for example
>
> ...
> sample
> mytest
> firstpart@
> @second
> bottom.com
> ...
>


File format will be 'perceived' differently by different lookup types.

I use MANY lookup types against ONE file, with a format of this sort:

wbh@???        # to block a specific address
*conducive.org            # to block an entire domain.tld
*tv                # to block an entire .tld


The first has no wildcards, obviously.

For the others, note the PRESENCE of a '*' wildcard and the ABSENCE of a
',' dot, and makes sure that does what you actually want for YOUR use,
as we are not doing quite the same thing with this file.

> if I understood well wildlsearch does the search and it is not case
> sensitive to lowercase or uppercase will match the same
> if the one of the strings contained into the file matches part of
> $sender_address thre should be the deny.
>


If you want to search WITHIN a string, a different method may be more
controllable:

Ex:
   # DATA_SCAN_01A1: IF message is from known spam-engine THEN deny
   #
    deny
      regex       = ^Received:: .*PowerMTA


Note here that there is specialized notation that tells the regex what
to look AT (the ^Received::) and where to initiate and cease looking for
a match - in this case - after ANY leading characters.

If you are looking for prefixes, something else is wanted.

> Well, I say "should" because here come my email and help request
> I've tried to put the three lines under acl_smtp_rcpt and acl_smtp_data but
> no luck, the email is sent anyway.
>
> Surely I'm doing something wrong,
> hope someone can help
>
> TIA
> Flaviano
>
>


Problem is primarily the expectation that $sender_address == $header_to

Add, whre you are testing:

logwrite = $sender_address $header-to

...and you'll see what Exim sees at that point in time.

Bill

--
韓家標