[exim] failed to expand ACL string missing or misplaced { o…

Top Page
Delete this message
Reply to this message
Author: [Cardiff] Tugdual de LASSAT
Date:  
To: exim-users
Subject: [exim] failed to expand ACL string missing or misplaced { or }
Hello the list :

I've tried using this script in Exim in order to stop abusive mails received
from ADSL senders : https://github.com/Exim/exim/wiki/Verification

drop   message          = Helo is ADSL or DIAL (HELO was $sender_helo_name)
and your ip $sender_host_address not is a MX/SPF of domain
<$sender_address_domain>
         !senders       = :
         condition      = ${if match
{$sender_helo_name}{\\d+\\.\\d+\\.\\d+\\.\\d+|\\d+-\\d+-\\d+-\\d+|host|dsl|d
ial|broad|band|user|dhcp|pool|client|cable|pppoe|hsd|dyn|static|ppp|speedy|c
ustomer}{yes}{no}}
         !hosts         = +ignore_defer : +ignore_unknown :
net-iplsearch;/etc/exim4/lst/skp_heloadsl
         condition      = ${if match_ip{$sender_host_address}{${lookup
dnsdb{>: defer_lax,a=${lookup dnsdb{>:
defer_lax,mxh=$sender_address_domain}}\}}\}{no}{yes}}
            !spf        = pass
         delay          = 45s


#-
drop   message          = Reverse verified ($sender_host_name) is ADSL or
DIAL, Helo $sender_helo_name not is $sender_host_address and your ip
$sender_host_address not is a MX/SPF of domain <$sender_address_domain>
         !senders       = :
         condition      = ${if def:sender_host_name {true}{false}}
         condition      = ${if match
{$sender_host_name}{\\d+\\.\\d+\\.\\d+\\.\\d+|\\d+-\\d+-\\d+-\\d+|host|dsl|d
ial|broad|band|user|dhcp|pool|client|cable|pppoe|hsd|dyn|static|ppp|speedy|c
ustomer}{yes}{no}}
         !hosts         = +ignore_defer : +ignore_unknown :
net-iplsearch;/etc/exim4/lst/skp_heloadsl
         condition      = ${if match_ip{$sender_host_address}{${lookup
dnsdb{>: defer_lax,a=${lookup dnsdb{>:
defer_lax,mxh=$sender_address_domain}}\}}\}{no}{yes}}
         condition      = ${if match_ip{$sender_host_address}{${lookup
dnsdb{>: defer_never,a=$sender_helo_name}\}}{no}{yes}}
            !spf        = pass
         delay          = 45s


#-
drop   message          = Reverse unchecked (${lookup dnsdb{>:
defer_never,ptr=$sender_host_address}\}) is ADSL or DIAL, Helo
$sender_helo_name not is $sender_host_address and your ip
$sender_host_address not is a MX/SPF of domain <$sender_address_domain>


         !senders       = :
         condition      = ${if def:sender_host_name {false}{true}}
         condition      = ${if match {${lookup dnsdb{>:
defer_never,ptr=$sender_host_address}}\}{\\d+\\.\\d+\\.\\d+\\.\\d+|\\d+-\\d+
-\\d+-\\d+|host|dsl|dial|broad|band|user|dhcp|pool|client|cable|pppoe|hsd|dy
n|static|ppp|speedy|customer}{yes}{no}}
         !hosts         = +ignore_defer : +ignore_unknown :
net-iplsearch;/etc/exim4/lst/skp_heloadsl
         condition      = ${if match_ip{$sender_host_address}{${lookup
dnsdb{>: defer_lax,a=${lookup dnsdb{>:
defer_lax,mxh=$sender_address_domain}}\}}\}{no}{yes}}
         condition      = ${if match_ip{$sender_host_address}{${lookup
dnsdb{>: defer_never,a=$sender_helo_name}\}}{no}{yes}}
            !spf        = pass
         delay          = 45s


And after 2 / 3 days I see a lot of these in my exim logs :
2013-02-06 15:53:05 H=host5.squallnetwork.net (ns7.squallnetwork.net)
[86.66.32.133] F=<exp@???> temporarily rejected RCPT
<rcpt@???>: failed to expand ACL string "${if
match_ip{$sender_host_address}{${lookup dnsdb{>: defer_lax,a=${lookup
dnsdb{>: defer_lax,mxh=$sender_address_domain}}\}}\}{no}{yes}}": missing or
misplaced { or }

2013-02-06 15:56:36 H=91.207.95.177.static.clanordns.net
(vs1430.cloud1.tdns.to) [91.207.95.177] F=<exp@???> temporarily
rejected RCPT <rcpt@???>: failed to expand ACL string "${if
match_ip{$sender_host_address}{${lookup dnsdb{>: defer_lax,a=${lookup
dnsdb{>: defer_lax,mxh=$sender_address_domain}}\}}\}{no}{yes}}": missing or
misplaced { or }

2013-02-06 16:08:05 H=host5.squallnetwork.net (ns7.squallnetwork.net)
[86.66.32.133] F=< exp@??? > temporarily rejected RCPT <
rcpt@??? >: failed to expand ACL string "${if
match_ip{$sender_host_address}{${lookup dnsdb{>:
defer_never,a=$sender_helo_name}\}}{no}{yes}}": missing or misplaced { or }

I've checked the condition lines concerned and either I'm mad, either I
don't see what's wrong.. For me brackets are well placed, and / or correctly
numbered in opening and closings..
Extend has been placed in file : 31_exim4-config_check_rcpt, and
/etc/exim4/lst/skp_heloadsl file exists and has content.

Any ideas are welcome..
Thanks by advance

Tugdual DE LASSAT