Phillip Carroll <postmaster@???> (Do 23 Mär 2017 01:39:04 CET):
> Hi all,
>
> My intent is to employ a whitelist of trusted host IPs.
>
> I am trying to employ an example straight from the current (4.89) exim
> manual, without success.
>
> The specific example that seems to not work as intended is from the
> description of match_ip in Chapter 11. Namely:
>
> ${if match_ip{$sender_host_address}{iplsearch;/some/file}...
>
> I have tried the following in the mail acl:
> accept logwrite = some text
> condition = ${if match_ip{$sender_host_address} \
> {iplsearch;/path/to/whitelist.hosts}}
accept
hosts = net-iplsearch;/path/to/whitelist
logwrite = …
> Where: whitelist.hosts contains exactly one line, containing a single simple
> IP4 address, ala:
> 12.34.56.78: some descriptive text
>
> The result of this code is to accept EVERY host that connects. (As indicated
> by the message written to the main log. Basically any random IP satisfies
> the match_ip condition. I hope someone can describe which part of the
> condition I have misread in the manual:
Your finding is wrong. The fact that the log message gets written
doesn't imply that the messages is accepted. The order of the statements
matter.
According to the spec, 'logwrite' fires immediatly, in contrast to
'log_message' and 'message'.
And, net-iplsearch is probably what you want, it seems to be simpler
than your condition.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -