On 12/02/2014 02:37 AM, Фадеев Виталий Львович wrote:
> I forgot to comment that this ACL doesnt work in Exim 4.84
>
>
> Tue, 02 Dec 2014 13:11:32 +0300 от Фадеев Виталий Львович <fvl@???>:
>> Hi!
>> Please, write proper ACL to FAQ:
>>
>> https://github.com/Exim/exim/wiki/AclHeloTricks
>>
>> HELO contain a IP part
>> drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid
>> condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}}
>> condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}}{$sender_helo_name}{no}{yes}}
>> delay = 45s
>>
>> HELO contain my domains, subdomains or my interface by dns lookup
>>
>> drop message = No you are not ME or OURS (HELO was $sender_helo_name and equal my interface hostname)
>> condition = ${if !def:interface_address {no}{yes}}
>> condition = ${if match_ip{$interface_address}{${lookup dnsdb{>: defer_never,a=$sender_helo_name}}}{yes}{no}}
>> delay = 45s
>>
>> HELO not contain a full host (ex: host.domain.com)
>> drop message = Invalid domain or IP given in HELO/EHLO (HELO was $sender_helo_name)
>> condition = ${if match{$sender_helo_name}{.+\\\..+\\\..+}{no}{yes}}
>> !authenticated = *
>> !senders = wildlsearch;/etc/exim4/lst/skp_helodot
>> !hosts = +ignore_defer : +ignore_unknown : +relay_from_hosts : net-iplsearch;/etc/exim4/lst/skp_heloadsl
>> condition = ${if match_ip{$sender_host_address}{${lookup dnsdb{>: defer_lax,a=${lookup dnsdb{>: defer_lax,mxh=$sender_address_domain}}}}}{no}{yes}}
>> delay = 45s
The first of these should work, but the other two fail as of version
4.77, because they contain expansion variables in the second parameter
of the condition match_ip. Are you suggesting that none of them work?
