Peter Leeman <Peter.Leeman@???> (Mi 29 Jun 2016 22:50:13 CEST):
> I previously request help regarding 'Exim4 route based on senders IP address' and received great help. I've included the code I ended up with at the end of this email,
>
> To try and make the configuration more efficient I am trying to use an ACL to deny senders where the IP address is listed in a file AND the 'RCPT to' domain is anything other than 'thisdomain.com'. This ACL seems to be blocking all senders if they are listed in the file regardless of destination.
>
> The ACL is in the acl_check_rcpt section and is as follows:
>
> deny
> condition = ${if and \
> {match_ip{$sender_host_address}{net-iplsearch;/etc/exim4/conf.d/tmc-config/relay_from_xerox}} \
> {match_domain {$domain}{! thisdomain.com}} \
> }
>
> If I just use the match_ip line without the and it works based on the IP address, it fails when I add the match_domain with the following error:
>
> 451 Temporary local problem - please try later
> LOG: [3480] H=(me.thisdomain.com) [1.2.3.4] F=<me@???> temporarily rejected RCPT someone@???: failed to expand ACL string "${if and {match_ip{$sender_host_address}{net-iplsearch;/etc/exim4/conf.d/tmc-config/relay_from_xerox}} {match_domain {$domain}{! T=thisdomain.com}} }": each subcondition inside an "and{...}" condition must be in its own {}
Try this. Not tested. I've added an additional pair of {}
and{ {condA}{condB}{condC}… }
deny
condition = ${if and\
{\
{match_ip{$sender_host_address}{net-iplsearch;/etc/exim4/conf.d/tmc-config/relay_from_xerox}}\
{match_domain {$domain}{! thisdomain.com}}\
}\
}\
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
