Re: [exim] deny senders in RCPT ACL regular expression and …

Page principale
Supprimer ce message
Répondre à ce message
Auteur: slp tees
Date:  
À: exim-users
Sujet: Re: [exim] deny senders in RCPT ACL regular expression and wildcards won't match for some reason
I managed to figure it out.

It was the \N. When I was looking at the debug logs, I noticed that for
another blacklist that used simple wildcard domain blocks, each line of the
log said

no (end of list)

at the end of each line like so:

03:13:13 50032 address match test:
subject=livewire-insurance-start-saving-me=domain.com@???
pattern=*a3a99l3y.com
03:13:13 50032 foltertankit.com in "*a3a99l3y.com"? no (end of list)
03:13:13 50032 address match test:
subject=livewire-insurance-start-saving-me=domain.com@???
pattern=*afd7971a.com
03:13:13 50032 foltertankit.com in "*afd7971a.com"? no (end of list)
03:13:13 50032 address match test:
subject=livewire-insurance-start-saving-me=domain.com@???
pattern=*laxdva.com
03:13:13 50032 foltertankit.com in "*laxdva.com"? no (end of list)

But with my problematic blacklist file full of regular expressions (one
regular expression per line), there was only one "no (end of list)" at the
very end of the last line. Thus, the \N protection against string expansion
was somehow causing exim to treat the entire file as a giant pattern, even
though the log deceptively made it look like each line was being matched
one line at a time like so:

03:13:13 50032 address match test:
subject=livewire-insurance-start-saving-me=domain.com@???
pattern=\N^affiliate.renewal.*@.*\N
03:13:13 50032 address match test:
subject=livewire-insurance-start-saving-me=domain.com@???
pattern=\N^toprated.wines.*@.*\N
03:13:13 50032 address match test:
subject=livewire-insurance-start-saving-me=domain.com@???
pattern=\N^renewal.by.andersen.*@.*\N
03:13:13 50032 address match test:
subject=livewire-insurance-start-saving-me=domain.com@???
pattern=\N^empire.today.*@.*\N
03:13:13 50032 livewire-insurance-start-saving-me=
domain.com@??? in "/etc/exim4/sender-blacklist-envelope-from"?
no (end of list)

When I removed all the \N instances from the entire blacklist, every
regular expression started working, each line that didn't match had a "no
(end of list)" at the end of it, and I am now successfully blocking this
network of sophisticated spammers.

I hope this helps someone else.