[exim] R: ACL deny senders

Góra strony
Delete this message
Reply to this message
Autor: SW & Work SaS
Data:  
Dla: exim-users
Temat: [exim] R: ACL deny senders
Hi Bill

Thanks a lot for your reply,

I've done one step more on a very long way

no problem for the tested part, it is ok,
I left the conditions only in acl_smtp_data as in rcpt not all content was available
(in acl_smtp_rcpt it worked the same and I imagine it helps reducing resources but logging all details let me know something more about)

the (my) big mistake was in the conditions to test,
I spent some (or many) hours looking around and, at the end, this is working.

I've still lot to learn and lot to do for our configuration
but your help drove me to the right way.

Thanks
Flaviano




-----Messaggio originale-----
Da: exim-users-bounces+info=swwork.it@???
[mailto:exim-users-bounces+info=swwork.it@exim.org]Per conto di W B
Hacker
Inviato: giovedì 27 ottobre 2011 8.15
A: exim users
Oggetto: Re: [exim] ACL deny senders


SW & Work SaS wrote:
> Hello
>
> Thanks to your help I've done some step with the rules I'd like to setup
>
> in this case I would like to deny messages coming from certain users or
> certain domains
> but, as the users/domains can change a little, just keeping a base I would
> like to see if there's a match with part of the string
>
> I came to this
>
>
>    deny
>      condition =
> ${lookup{$sender_address}wildlsearch{/etc/myaclsenderdeny}{yes}{no}}
>      message = TO $header_to is unwelcome_01 - SUBJECT: $header_subject

>
>
> myaclsenderdny is a text file that contains the strings to look for in the
> $sender_address that, if I've understood, is the same as $header_from (from
> field)


No - not necessarily.

If you want to match on $header_from:, you will need to so specify.

Keep in mind that not all information is available 'early'.

> the strings are contained one per row
> for example
>
> ...
> sample
> mytest
> firstpart@
> @second
> bottom.com
> ...
>


File format will be 'perceived' differently by different lookup types.

I use MANY lookup types against ONE file, with a format of this sort:

wbh@???        # to block a specific address
*conducive.org            # to block an entire domain.tld
*tv                # to block an entire .tld


The first has no wildcards, obviously.

For the others, note the PRESENCE of a '*' wildcard and the ABSENCE of a
',' dot, and makes sure that does what you actually want for YOUR use,
as we are not doing quite the same thing with this file.

> if I understood well wildlsearch does the search and it is not case
> sensitive to lowercase or uppercase will match the same
> if the one of the strings contained into the file matches part of
> $sender_address thre should be the deny.
>


If you want to search WITHIN a string, a different method may be more
controllable:

Ex:
   # DATA_SCAN_01A1: IF message is from known spam-engine THEN deny
   #
    deny
      regex       = ^Received:: .*PowerMTA


Note here that there is specialized notation that tells the regex what
to look AT (the ^Received::) and where to initiate and cease looking for
a match - in this case - after ANY leading characters.

If you are looking for prefixes, something else is wanted.

> Well, I say "should" because here come my email and help request
> I've tried to put the three lines under acl_smtp_rcpt and acl_smtp_data but
> no luck, the email is sent anyway.
>
> Surely I'm doing something wrong,
> hope someone can help
>
> TIA
> Flaviano
>
>


Problem is primarily the expectation that $sender_address == $header_to

Add, whre you are testing:

logwrite = $sender_address $header-to

...and you'll see what Exim sees at that point in time.

Bill

--
韓家標

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/