Heiko
Thanks for the response. I'll test this out so I can get to grips with the AND aspect. Chris suggested a different solution which I am going to use, as it looks more efficient than the one I was trying to use.
deny
hosts = /etc/exim4/conf.d/tmc-config/relay_from_xerox
!domains = thisdomain.com
message = ....
Thanks again.
Regards,
Pete.
-----Original Message-----
From: Exim-users [mailto:exim-users-bounces+peter.leeman=moray.gov.uk@exim.org] On Behalf Of Heiko Schlittermann
Sent: 29 June 2016 22:06
To: exim-users@???
Subject: Re: [exim] Router or ACL - Deny all but one domain for specific IPs
Peter Leeman <Peter.Leeman@???> (Mi 29 Jun 2016 22:50:13 CEST):
> I previously request help regarding 'Exim4 route based on senders IP
> address' and received great help. I've included the code I ended up
> with at the end of this email,
>
> To try and make the configuration more efficient I am trying to use an ACL to deny senders where the IP address is listed in a file AND the 'RCPT to' domain is anything other than 'thisdomain.com'. This ACL seems to be blocking all senders if they are listed in the file regardless of destination.
>
> The ACL is in the acl_check_rcpt section and is as follows:
>
> deny
> condition = ${if and \
> {match_ip{$sender_host_address}{net-iplsearch;/etc/exim4/conf.d/tmc-config/relay_from_xerox}} \
> {match_domain {$domain}{! thisdomain.com}} \
> }
>
> If I just use the match_ip line without the and it works based on the IP address, it fails when I add the match_domain with the following error:
>
> 451 Temporary local problem - please try later
> LOG: [3480] H=(me.thisdomain.com) [1.2.3.4] F=<me@???>
> temporarily rejected RCPT someone@???: failed to expand ACL
> string "${if and
> {match_ip{$sender_host_address}{net-iplsearch;/etc/exim4/conf.d/tmc-co
> nfig/relay_from_xerox}} {match_domain {$domain}{! T=thisdomain.com}}
> }": each subcondition inside an "and{...}" condition must be in its
> own {}
Try this. Not tested. I've added an additional pair of {}
and{ {condA}{condB}{condC}… }
deny
condition = ${if and\
{\
{match_ip{$sender_host_address}{net-iplsearch;/etc/exim4/conf.d/tmc-config/relay_from_xerox}}\
{match_domain {$domain}{! thisdomain.com}}\
}\
}\
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --------------- key ID: F69376CE - ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
SAVE PAPER - Please do not print this e-mail unless absolutely necessary.
******** The Moray Council: Internet E-mail Notice ********
Moray Council Web address: http://www.moray.gov.uk
Main switchboard: 01343 543451
For details on how Moray Council uses personal information, visit http://www.moray.gov.uk/privacy
The contents of this e-mail and any attachments ('this e-mail') are confidential and intended solely for the addressee.
If this e-mail has been sent to you by mistake, please notify postmaster@??? as soon as possible; you should then delete this e-mail from your computer.
