Re: [exim] help with condition match

トップ ページ
このメッセージを削除
このメッセージに返信
著者: W B Hacker
日付:  
To: exim users
題目: Re: [exim] help with condition match
Jim Pazarena wrote:
> I created the following:
>
> deny message = We don't want your spam! Go away!
> log_message = blacklisted at ~pool-ukrtel.net reject
> condition = \
> ${if \
> {match{${lc:$sender_host_name}}{.pool.ukrtel.net}} \
> {true}{false}}
>
> and it fails with the following log line:
>
> 2012-06-06 22:15:16 H=89-147-34-207.qcislands.net (wwwb.qcislands.net)
> [207.34.147.89] F=<webmaster@???> temporarily rejected RCPT
> <admin@???>: failed to expand ACL string "${if {
> match{${lc:$sender_host_name}}{.pool.ukrtel.net}} {true}{false}}":
> condition name expected, but found "{match{${lc:$sen"
>
> I am slightly confused, and suggestions would be most appreciated.


Not a direct answer to your question, but hopefully a more efficient way
to eliminate it.

You might find this easier to maintain as it needeth not editing of the
configure file. My MUA will have line-wrapped it - it is a single line:

====

deny
    condition   = ${lookup 
{$sender_host_name}wildlsearch{/var/filters/blockfile}{yes}{no}}


===

The blockfile cited is a simple flat-file with entries of the form;

===

*pool-ukrtel.net

===

One per line. Can be appended to with scripting, and/or maintained with
an ignorant text editor.

No /configure editing needed thereafter.

No exim restart needed at changes

Giving each miscreant it own acl stanza will run you ragged, given that
the flatfile here has about 3 or 4 thousand entries...

And BTW...

.. an exim rDNS check will toss all the dynamic-IP pool WINbots right at
'CONNECT' for failure to have a PTR RR that mates to an A or MX record
for a proper FQDN.

That PROBABLY would nail the one you cite. And essentially ALL OTHER
Winbots on residential connectivity pools, with minimal Exim workload.

Make sure to apply that check only to port 25. Your own user-commmuity
arriving on port 587 will seldom have DNS credentials, nor should they.

===
deny
condition   = ${if eq{$interface_port}{25}}
!verify     = reverse_host_lookup
===


Look at a (usually very small) IP-whitelist FIRST, then skip this test
for the very, very few of our trusted correspondents you NEED to give a
hall-pass to. File-storage or bespoke-application servers who have no
FQDN assigned but must send you cron'ed reports, to name one such.

HTH,

Bill
--
韓家標