I tested it using a remote client of the same host, and from a
completely different host.
regards
Ale
On 02/06/22 18:42, Slavko via Exim-users wrote:
> Ahoj,
>
> Dňa Thu, 2 Jun 2022 16:19:18 +0100 Jeremy Harris via Exim-users
> <exim-users@???> napísal:
>
>> I don't see that your config actually uses
>> CHECK_RCPT_REMOTE_LOCALPARTS, having defined it.
> It is, only not at start of the file, see:
>
> ...
>
> acl_check_mail:
> accept
> CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?]
> CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
>
> acl_check_rcpt:
>
> ...
>
> You (original poster) do not tell us how you did test it. The particular
> ACL are run only for SMTP connection, thus will not stop to use eg. by
> mailx, nor by batch SMTP (accepted at start of RCPT ACL). See here, how
> you can test it (note the dot at RCPT start as restricted character) --
> can be wrapped:
>
> + from remote machine:
>
> swaks --server mail.example.org --to .user@??? --quit rcpt
> === Trying primex.skk:25...
> ...
> -> RCPT TO:<.user@???>
> <** 550 restricted characters in address
> ...
>
> + from local host:
>
> echo -e "EHLO kuk\nMAIL FROM:<user@???>\nRCPT TO:<.user@???>\nQUIT" | exim -bh 1.2.3.4 ...
> >>> processing "deny" (/var/lib/exim4/config.autogenerated 439)
> >>> check domains = !+local_domains
> >>> example.org in "!+local_domains"? yes (end of list)
> >>> check local_parts = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
> >>> .user in "^[./|] : ^.*[@%!`#&?] : ^.*/\.\./"? yes (matched
> >>> "^[./|]") message: restricted characters in address
> >>> deny: condition test succeeded in ACL "acl_check_rcpt"
> >>> end of ACL "acl_check_rcpt": DENY
> 550 restricted characters in address
> LOG: H=[1.2.3.4] F=<linux@???> rejected RCPT <.user@???>: restricted characters in address ...
>
> As you can see, both examples ends in rejections that recipient.
>
> You do not need to setup the CHECK_RCPT_*_LOCALPARTS macros, as they
> have sane defaults on debian, only when one want to relax them or vice
> versa...
>
> regards
>
>
