[exim] ACL troubles in newer versions

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M 
MEvgeniy Berdnikov at ->
Delete this message
Reply to this message
Author: Gregory Edigarov
Date:  
To: exim-users
Subject: [exim] ACL troubles in newer versions
Hello Everybody,

Were there any changes in ACL processing logic? Trying to migrate my
config from 4.35 to the latest (4.94) version of exim,
I am really surprised that all test sessions are set to 250 Accepted

here's my acl rules:


acl_check_rcpt:

  accept  hosts = :

  accept  hosts         = +relay_from_hosts
          control       = submission

  accept  local_parts   = postmaster
          domains       = +local_domains

  accept  authenticated = *



  deny    message       = Restricted characters in address
          domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]

  deny    message       = Restricted characters in address
          domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

  deny    message       = "HELO is not hostname or IP address (see RFC
821, 2821)"
          condition     = ${if match{$sender_helo_name}\
                            {\N\.\N}{no}{yes}}

  deny    message       = "HELO is IP address, sorry"
          condition     = ${if match{$sender_helo_name}\
                            {\N^[\[\]\d\.]+$\N}{yes}{no}}

  warn    set acl_m1    = ${lookup
dnsdb{defer_never,a=$sender_helo_name}{$value}{false}}

  deny    message       = "HELO is not hostname (lookup failed)"
          condition     = ${if eq{$acl_m1}{false}{true}{false}}
          !spf          = pass

  deny    message       = "Bad word in host name"
          condition     = ${if match{$sender_host_name $sender_helo_name} \
{adsl|dialup|dial-up|dialin|pool|peer|dhcp|pppoe|dynamic|gpon}{yes}{no}}
          !spf          = pass

  deny    message       = "Bad number in host name"
          condition     = ${if match{$sender_host_name $sender_helo_name} \
                               {\N\d+[-\.]\d+[-\.]\d+\N}{yes}{no}}
          !spf          = pass

  deny    message       = "host in blacklist - $dnslist_domain
$dnslist_text"
          hosts         = !+relay_from_hosts
          dnslists      = proxies.blackholes.easynet.nl : \
                          cbl.abuseat.org : \
                          sbl.spamhaus.org : \
                          bl.spamcop.net


  deny  spf             = fail
        message = $sender_host_address is not allowed to send mail from \
               ${if def:sender_address_domain \
                    {$sender_address_domain}{$sender_helo_name}}.  \
               Please see http://www.open-spf.org/Why;\
               identity=${if def:sender_address_domain \
                             {$sender_address}{$sender_helo_name}};\
               ip=$sender_host_address

accept


testing that with exim -bh <ip>
and having anything in mail from: that is not match spf record, expected
behavior: message got denied by spf rule,
observed behavior: 250 Accepted

why? what am I missing?



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[exim] Body rewriteRe: [exim] Body rewrite->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)