[exim] Re: Regex in address list does not work (Exim 4.94)

Top Pagina
Delete this message
Reply to this message
Auteur: Evgeniy Berdnikov
Datum:  
Aan: exim-users
Onderwerp: [exim] Re: Regex in address list does not work (Exim 4.94)
Hello.

On Mon, Nov 13, 2023 at 02:25:21PM +0200, Tapio Peltonen via Exim-users wrote:
> I have the following line in my local_sender_blacklist file, which is
> included as a blacklisted address list:
>
> ^.*@s\\d+\\..+\\.ru

[...]
> This does not match anything. Other lines in the blocklist work, this
> does not. For example this spam got through:
> 
> 2023-11-12 19:48:04 1r2EZ2-001Ocx-6S <= info@???
> H=(s7.alextro.ru) [94.139.242.37] P=esmtp S=20273
> id=829c43219fe28a9d5849a83f24063c0e@???
> 
> According to the Exim documentation, regexes should work in address
> lists. The file is included in acl_check_rcpt:
> 
>  deny
>     message = sender envelope address $sender_address is locally
> blacklisted here. If you think this is wrong, get in touch with
> postmaster
>     !acl = acl_local_deny_exceptions
>     senders = ${if exists{CONFDIR/local_sender_blacklist}\
>                    {CONFDIR/local_sender_blacklist}\
>                    {}}


 In Debian Exim has the same ACL (with additional log_message=...), in file
 /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt (CONFDIR=/etc/exim4).
 I tested it with your example:

 # echo '^.*@s\\d+\\..+\\.ru' > /etc/exim4/local_sender_blacklist
 # exim4 -d-all+lookup+expand -bh 94.139.242.37
 Exim version 4.97 uid=0 gid=0 pid=5402 D=10100
 [...]
 EHLO test
 [...]
 MAIL FROM:<info@???>
 [...]
 RCPT TO:<bd4@???>
 [...]
 ├──expanding: ${if exists{/etc/exim4/local_sender_blacklist}{/etc/exim4/local_sender_blacklist}{}}
 ╰─────result: /etc/exim4/local_sender_blacklist
info@??? in "/etc/exim4/local_sender_blacklist"?
 list element: /etc/exim4/local_sender_blacklist
 info@??? in "/etc/exim4/local_sender_blacklist"? yes (matched "^.*@s\d+\..+\.ru" in /etc/exim4/local_sender_blacklist)
  message: sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
l_message: sender envelope address is locally blacklisted.
 ╭considering: sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
 ├───────text: sender envelope address 
 ├considering: $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
 ├──────value: info@???
            ╰──(tainted)
 ├considering:  is locally blacklisted here. If you think this is wrong, get in touch with postmaster
 ├───────text:  is locally blacklisted here. If you think this is wrong, get in touch with postmaster
 ├──expanding: sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
 ╰─────result: sender envelope address info@??? is locally blacklisted here. If you think this is wrong, get in touch with postmaster
            ╰──(tainted)
deny: condition test succeeded in ACL "acl_check_rcpt"
end of ACL "acl_check_rcpt": DENY
550-sender envelope address info@??? is locally blacklisted here. If
550 you think this is wrong, get in touch with postmaster
LOG: MAIN REJECT
  H=(test) [94.139.242.37] Ci=5402 F=<info@???> rejected RCPT <bd4@???>: sender envelope address is locally blacklisted.

 Try to run Exim with the same debug options.
-- 
 Eugene Berdnikov


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/