Re: [exim] Creating local blacklist

Author: Sebastian Arcus
Date:  
To: exim-users
Subject: Re: [exim] Creating local blacklist

On 26/04/18 02:25, Mike Brown via Exim-users wrote:
> On Wed, Apr 25, 2018 at 11:19:56PM +0100, Jeremy Harris via Exim-users wrote:
>> On 25/04/18 15:19, Mike Brown via Exim-users wrote:


</snip>

>
> I went back and looked again and found the following:
>
> acl_smtp_mail = acl_check_mail
> acl_smtp_rcpt = acl_check_rcpt
> acl_smtp_data = acl_check_data
> acl_smtp_mime = acl_check_mime
>
> Just curious, why bother having acl_smtp_xxxx when they become acl_check_xxxx?
> Why not just use acl_smtp_rcpt? Just goes to show what little I know about
> exim. I don't do anything fancy with my setup, because it is just me on my
> home server.


I'm not an expert on Exim, but as far as I understand the bit on the
left of the '=' sign is an Exim setting name - so that can't be changed.
The bit on the right is whatever you choose it to be. So "acl_smtp_mail =
acl_check_mail" can be read like:

"just after the server receives the MAIL SMTP command, execute the
acl named 'acl_check_mail'"

Think of "acl_check_mail" as a function name, whose contents and
functionality you define lower down in the config file.

The entities on the left (acl_smtp_mail, acl_smtp_rcpt etc.) are a
pre-defined list of acl's which you can use in Exim at various points
during processing of the email connection and messages. There are
further explanations as to what each one does and when it is called here:

https://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html

So towards the top of exim.conf you would have to define the acl, if you
intend to use it lower down:

[code]

acl_smtp_mail = my_own_smtp_mail_acl

[/code]

... and lower down in exim.conf you write what my_own_smtp_mail_acl is
supposed to do or check:

[code]

# this starts the section containing all acl's
begin acl

my_own_smtp_mail_acl:

   deny    message       = Restricted characters in address
           domains       = +local_domains
           local_parts   = ^[.] : ^.*[@%!/|]

   deny    authenticated = *
           !encrypted    = *
           message       = TLS required on authenticated connections

   accept

[/code]

Most acl's have to end with 'accept' (maybe all?) - otherwise messages
or connections reaching the end of the acl without being explicitly
accepted further up would be rejected.

I hope the above helps a bit. I struggled as well when I started to use
Exim in understanding the structure and purpose of the config file - but
eventually it starts to make sense :-)
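
The naming relationship described in this message can be checked mechanically. The script below is an added example, not part of the original post or of Exim: it reads a config, collects the ACL names assigned to the acl_smtp_* options, and reports any that have no matching label after "begin acl". The sample config and the function name check_acl_references are constructed for illustration, and the script assumes each option holds a plain ACL name.

```python
import re

# Constructed sample config, modelled on the fragments quoted in the message.
SAMPLE_CONF = """\
acl_smtp_mail = my_own_smtp_mail_acl
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data

begin acl

my_own_smtp_mail_acl:
   deny    authenticated = *
           !encrypted    = *
           message       = TLS required on authenticated connections
   accept

acl_check_rcpt:
   accept
"""

# Assumption: each acl_smtp_* option holds a plain ACL name on one line.
OPTION_RE = re.compile(r"^(acl_smtp_\w+)\s*=\s*(\S+)$")
LABEL_RE = re.compile(r"^([A-Za-z0-9_]+):$")
SECTION_RE = re.compile(r"^begin\s+(\w+)$", re.IGNORECASE)

def check_acl_references(conf_text):
    """Return (referenced, defined, missing) ACL names for an Exim config."""
    referenced, defined = {}, set()
    section = "main"  # everything before the first "begin" line
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if section == "main":
            m = OPTION_RE.match(line)
            if m:
                referenced[m.group(1)] = m.group(2)  # option -> chosen name
        elif section == "acl":
            m = LABEL_RE.match(line)
            if m:
                defined.add(m.group(1))  # "name:" starts an ACL definition
    missing = {o: n for o, n in referenced.items() if n not in defined}
    return referenced, defined, missing

if __name__ == "__main__":
    print(check_acl_references(SAMPLE_CONF)[2])
```

On the sample, acl_smtp_data points at acl_check_data, which is never defined, so it is the one entry reported as missing.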