Hello.
On Mon, Nov 13, 2023 at 02:25:21PM +0200, Tapio Peltonen via Exim-users wrote:
> I have the following line in my local_sender_blacklist file, which is
> included as a blacklisted address list:
>
> ^.*@s\\d+\\..+\\.ru
[...]
> This does not match anything. Other lines in the blocklist work, this
> does not. For example this spam got through:
>
> 2023-11-12 19:48:04 1r2EZ2-001Ocx-6S <= info@???
> H=(s7.alextro.ru) [94.139.242.37] P=esmtp S=20273
> id=829c43219fe28a9d5849a83f24063c0e@???
>
> According to the Exim documentation, regexes should work in address
> lists. The file is included in acl_check_rcpt:
>
> deny
> message = sender envelope address $sender_address is locally
> blacklisted here. If you think this is wrong, get in touch with
> postmaster
> !acl = acl_local_deny_exceptions
> senders = ${if exists{CONFDIR/local_sender_blacklist}\
> {CONFDIR/local_sender_blacklist}\
> {}}
In Debian Exim has the same ACL (with additional log_message=...), in file
/etc/exim4/conf.d/acl/30_exim4-config_check_rcpt (CONFDIR=/etc/exim4).
I tested it with your example:
# echo '^.*@s\\d+\\..+\\.ru' > /etc/exim4/local_sender_blacklist
# exim4 -d-all+lookup+expand -bh 94.139.242.37
Exim version 4.97 uid=0 gid=0 pid=5402 D=10100
[...]
EHLO test
[...]
MAIL FROM:<info@???>
[...]
RCPT TO:<bd4@???>
[...]
├──expanding: ${if exists{/etc/exim4/local_sender_blacklist}{/etc/exim4/local_sender_blacklist}{}}
╰─────result: /etc/exim4/local_sender_blacklist
info@??? in "/etc/exim4/local_sender_blacklist"?
list element: /etc/exim4/local_sender_blacklist
info@??? in "/etc/exim4/local_sender_blacklist"? yes (matched "^.*@s\d+\..+\.ru" in /etc/exim4/local_sender_blacklist)
message: sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
l_message: sender envelope address is locally blacklisted.
╭considering: sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
├───────text: sender envelope address
├considering: $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
├──────value: info@???
╰──(tainted)
├considering: is locally blacklisted here. If you think this is wrong, get in touch with postmaster
├───────text: is locally blacklisted here. If you think this is wrong, get in touch with postmaster
├──expanding: sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
╰─────result: sender envelope address info@??? is locally blacklisted here. If you think this is wrong, get in touch with postmaster
╰──(tainted)
deny: condition test succeeded in ACL "acl_check_rcpt"
end of ACL "acl_check_rcpt": DENY
550-sender envelope address info@??? is locally blacklisted here. If
550 you think this is wrong, get in touch with postmaster
LOG: MAIN REJECT
H=(test) [94.139.242.37] Ci=5402 F=<info@???> rejected RCPT <bd4@???>: sender envelope address is locally blacklisted.
Try to run Exim with the same debug options.
--
Eugene Berdnikov
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
