[exim] Re: pls help with ACL

Góra strony
Delete this message
Reply to this message
Autor: Grand Master
Data:  
Dla: improve.ripeness774, exim-users
Temat: [exim] Re: pls help with ACL
warn set acl_c_reverse_address = ${lookup
dnsdb{defer_lax,ptr=$sender_host_address}{$value}}

# known experiment
#  warn
#     domains     = !+local_domains
#     condition     = ${if
match{${extract{1}{:}{${lookup{$sender_address}lsearch{/usr/local/etc/exim/db/known}}}}}{no}
{yes}{no}}
##     condition     = ${if
eq{${extract{2}{:}{${lookup{$acl_c_reverse_address}wildlsearch{/usr/local/etc/exim/db/known}}}}}{no}
{yes}{
#     add_header    = X-KNOWN: passed $sender_address
#     logwrite = warning! known detected! $local_part $sender_address
($acl_c_reverse_address) $acl_m9

file /usr/local/etc/exim/db/known
...
*@company.com:\N^mail\-[a-z0-9]+\-[a-z0-9]+\.google\.com$\N
*@company2.com
:\N^[A-Z0-9]+\-[A-Z0-9]+\-obe\.outbound\.protection\.outlook\.com$\N
...

please note I am not looking for a solution to the problem, but only a way
to create a test condition


сб, 13 июл. 2024 г. в 18:31, Ian Z via Exim-users <exim-users@???

>:


> On Sat, Jul 13, 2024 at 01:02:41PM GMT, Grand Master via Exim-users wrote:
>
> > goal is blocking spoofing or avoiding wildcard permissions in
> > whitelist such as *@company.com
>
> You probably want verify = sender in one of your ACLs, and a SPF check.
> Exim has a native SPF condition for ACLs, but due to recent security
> announcements (of dubious provenance and accuracy) some prefer to check
> external software for this purpose, such as those based on the Perl
> Mail::SPF module.
>
> > in my option i'd like to check simultaneously on two walues:
> > $sender_address and $acl_c_reverse_address
>
> acl_c_reverse_address is a user variable, it has no meaning unless you
> assign to it in another ACL.
>
> It looks like you're referring to an existing configuration and hoping
> to modify and improve it. Maybe you should share it with us here,
> after appropriate sanitization.
>
> --
> Ian
>
> --
> ## subscription configuration (requires account):
> ##
> https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
> ## unsubscribe (doesn't require an account):
> ## exim-users-unsubscribe@???
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/