Ahoj,
Dňa Thu, 2 Jun 2022 16:19:18 +0100 Jeremy Harris via Exim-users
<exim-users@???> napísal:
> I don't see that your config actually uses
> CHECK_RCPT_REMOTE_LOCALPARTS, having defined it.
It is, only not at start of the file, see:
...
acl_check_mail:
accept
CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?]
CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
acl_check_rcpt:
...
You (original poster) do not tell us how you did test it. The particular
ACL are run only for SMTP connection, thus will not stop to use eg. by
mailx, nor by batch SMTP (accepted at start of RCPT ACL). See here, how
you can test it (note the dot at RCPT start as restricted character) --
can be wrapped:
+ from remote machine:
swaks --server mail.example.org --to .user@??? --quit rcpt
=== Trying primex.skk:25...
...
-> RCPT TO:<.user@???>
<** 550 restricted characters in address
...
+ from local host:
echo -e "EHLO kuk\nMAIL FROM:<user@???>\nRCPT TO:<.user@???>\nQUIT" | exim -bh 1.2.3.4 ...
>>> processing "deny" (/var/lib/exim4/config.autogenerated 439)
>>> check domains = !+local_domains
>>> example.org in "!+local_domains"? yes (end of list)
>>> check local_parts = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
>>> .user in "^[./|] : ^.*[@%!`#&?] : ^.*/\.\./"? yes (matched
>>> "^[./|]") message: restricted characters in address
>>> deny: condition test succeeded in ACL "acl_check_rcpt"
>>> end of ACL "acl_check_rcpt": DENY
550 restricted characters in address
LOG: H=[1.2.3.4] F=<linux@???> rejected RCPT <.user@???>: restricted characters in address ...
As you can see, both examples ends in rejections that recipient.
You do not need to setup the CHECK_RCPT_*_LOCALPARTS macros, as they
have sane defaults on debian, only when one want to relax them or vice
versa...
regards
--
Slavko
https://www.slavino.sk
