Re: [exim] Router or ACL - Deny all but one domain for speci…

Author: Chris Siebenmann
Date:
To: Peter Leeman
CC: exim-users@exim.org, cks
Subject: Re: [exim] Router or ACL - Deny all but one domain for specific IPs

> To try and make the configuration more efficient I am trying to use
> an ACL to deny senders where the IP address is listed in a file AND
> the 'RCPT to' domain is anything other than 'thisdomain.com'. This
> ACL seems to be blocking all senders if they are listed in the file
> regardless of destination.
>
> The ACL is in the acl_check_rcpt section and is as follows:
>
>   deny
>         condition = ${if and \
>                 {match_ip{$sender_host_address}{net-iplsearch;/etc/exim4/conf.d/tmc-config/relay_from_xerox}} \
>                 {match_domain {$domain}{! thisdomain.com}} \
>                 }


My personal view is that your life will be simpler if you don't
try to do this check in a 'condition =' block but instead directly
use the ACL verbs that do these checks directly. I think that this
would make your ACL here something like:

    deny
        hosts = /etc/exim4/conf.d/tmc-config/relay_from_xerox
        !domains = thisdomain.com
        message = ....


It's much easier to write and test ACL rules that use these features
directly instead of slogging through getting the string expansions
right.

    - cks
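
The policy the suggested `deny` statement is meant to enforce, written out as a small Python model so the expected verdicts can be checked case by case. This is an added example, not code from the thread and not Exim's implementation; the host list entries, the function names and the `ALLOWED_DOMAIN` constant are constructed for illustration, and the model handles only plain IP addresses and CIDR networks in the file.

```python
import ipaddress

# Constructed stand-in for the contents of relay_from_xerox:
# one IP address or CIDR network per line, '#' starts a comment.
HOSTS_FILE = """\
# constructed sample entries (documentation ranges)
192.0.2.10
198.51.100.0/24
"""

ALLOWED_DOMAIN = "thisdomain.com"  # the one domain listed hosts may send to


def load_networks(text):
    """Parse the host list into ip_network objects, skipping blanks and comments."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def host_listed(sender_ip, nets):
    """Models 'hosts = <file>': true when the client IP is in a listed network."""
    addr = ipaddress.ip_address(sender_ip)
    return any(addr in net for net in nets)


def rcpt_verdict(sender_ip, rcpt, nets):
    """Models the deny statement: it fires only if every condition is true.

    'pass' means this statement did not match, so later ACL statements decide.
    """
    domain = rcpt.rsplit("@", 1)[-1].lower()
    cond_hosts = host_listed(sender_ip, nets)
    cond_not_domain = domain != ALLOWED_DOMAIN  # models '!domains = thisdomain.com'
    return "deny" if (cond_hosts and cond_not_domain) else "pass"


if __name__ == "__main__":
    nets = load_networks(HOSTS_FILE)
    cases = [("192.0.2.10", "a@thisdomain.com"), ("192.0.2.10", "a@example.org"),
             ("203.0.113.5", "a@example.org")]
    for ip, rcpt in cases:
        print(ip, rcpt, rcpt_verdict(ip, rcpt, nets))
```
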