Hi Paul,

Paul Key via Exim-users <[email protected]> (Wed 19 May 2021 16:41:49 CEST):
> Hi,
>
> Using an acl_check_rcpt in exim.conf we are trying to both block and
> whitelist incoming email addresses in the same acl.
>
> Currently we have:
>
> deny message = $sender_host_address is listed in user blocking list
>
> condition = ${lookup
> {$sender_address}wildlsearch{/etc/exim/whitelist.senders} {no}{yes}}
> condition = ${lookup {$sender_address}wildlsearch{/etc/exim/blocking_list}
> {yes}{no}}
>
> in whitelist.senders we have an email address "[email protected]" which
> we want to allow through but in blocking_list we have an entry "*@*.cloud".
> So first we check the whitelist - which matches in the case of receiving an
> email from "[email protected]" but if no match then should move onto the
> blocking_list.

Yes, and if there is a match, your lookup returns "no", which should
stop processing *this* ACL block.

> However it looks like the acl is just evaluating the first condition and not
> processing the second condition whatever the condition result is.

How can you tell? Did you test debugging this? The simplest way is doing
something like

    swaks -q rcpt -f [email protected] -t [email protected] --pipe 'exim -bh 0.0.0.0'

> Is there syntax for an ACL something like:
> If <this condition> AND NOT <that condition>
>
> To provide one evaluation result for acl_check_rcpt searching both a
> blocking_list and a whitelist?

The expressions of a "block" are evaluated in order, *until* an
expression returns "false". If all expressions return true, the block's
verb is executed, otherwise ACL processing jumps to the next block.
Exceptions are

- the verb "require": if *all* expressions are true, the processing
  continues with the next block, otherwise an error (e.g. 5xx) is
  returned.
- the expression "endpass"

I used the following example config:

    acl_smtp_rcpt = acl_check_rcpt
    begin acl
    acl_check_rcpt:
      deny
        message = $sender_host_address is listed in user blocking list
        condition = ${lookup {$sender_address}wildlsearch{$config_dir/whitelist.senders} {no}{yes}}
        condition = ${lookup {$sender_address}wildlsearch{$config_dir/blocking_list} {yes}{no}}

With these additional files:

    # whitelist.senders
    [email protected]

    # blocking_list
    *@*.com

and ran the following command

    swaks -f '[email protected]' -t [email protected] --pipe 'exim -C /tmp/x.conf -bh 0.0.0.0' -q rcpt

which produced this output (as expected):

    …
    <- 250-SMTPUTF8
    <- 250 HELP
    -> MAIL FROM:<[email protected]>
    <- 250 OK
    -> RCPT TO:<[email protected]>
    >>> using ACL "acl_check_rcpt"
    >>> processing "deny" (/tmp/x.conf 6)
    >>>   message: $sender_host_address is listed in user blocking list
    >>> [email protected] in "[email protected]"? yes (matched "[email protected]")
    >>> check condition = ${lookup {$sender_address}wildlsearch{$config_dir/whitelist.senders} {no}{yes}}
    >>>       = no
    >>> deny: condition test failed in ACL "acl_check_rcpt"
    >>> end of ACL "acl_check_rcpt": implicit DENY
    LOG: H=(x1.schlittermann.de) [0.0.0.0] F=<[email protected]> rejected RCPT <[email protected]>
    <** 550 Administrative prohibition
    -> QUIT
    <- 221 x1 closing connection
    === Connection closed with child process.

Best regards from Dresden/Germany
Many greetings from Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
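
Added example, not part of the original message and not Exim code: a small Python model of the evaluation order described in the reply (conditions tested in order until one is false, implicit deny at the end of the ACL), run over constructed lists. The addresses, the list entries and the trailing `accept` block are assumptions for illustration; only `deny` and `accept` are modelled.

```python
import re

def wild_match(key, subject):
    # Key forms documented for wildlsearch: a leading '*' means "ends with",
    # a leading '^' is a regular expression, anything else is a literal.
    # Matching is case-insensitive, as for lsearch.
    if key.startswith("*"):
        return subject.lower().endswith(key[1:].lower())
    if key.startswith("^"):
        return re.search(key, subject, re.IGNORECASE) is not None
    return key.lower() == subject.lower()

def listed(keys, sender):
    return any(wild_match(k, sender) for k in keys)

def run_acl(blocks, sender):
    """blocks: list of (verb, [conditions]); returns (verdict, trace)."""
    trace = []
    for verb, conditions in blocks:
        all_true = True
        for n, cond in enumerate(conditions, 1):
            all_true = cond(sender)
            trace.append(f"{verb}: condition {n} = {'yes' if all_true else 'no'}")
            if not all_true:
                break  # later conditions in this block are never evaluated
        if all_true:
            return verb, trace  # every condition held: the verb takes effect
    trace.append("end of ACL: implicit DENY")
    return "implicit deny", trace

# Constructed sample lists (not the poster's files).
WHITELIST = ["good@example.cloud"]
BLOCKLIST = ["*.cloud"]  # leading-asterisk form: sender ends with ".cloud"

# The single deny block from the message: not whitelisted AND blocklisted.
THREAD_ACL = [("deny", [lambda s: not listed(WHITELIST, s),
                        lambda s: listed(BLOCKLIST, s)])]
# Assumption for contrast: the same block followed by an unconditional accept.
WITH_ACCEPT = THREAD_ACL + [("accept", [])]

if __name__ == "__main__":
    for name, acl in (("thread", THREAD_ACL), ("with accept", WITH_ACCEPT)):
        for sender in ("good@example.cloud", "spam@bulk.cloud", "user@example.org"):
            verdict, trace = run_acl(acl, sender)
            print(f"{name:12} {sender:20} -> {verdict:13} {trace}")
```

With the deny block alone, the whitelisted sender fails the first condition and falls through to the implicit deny, which is the 550 seen in the `-bh` output above; only a later accepting block lets it through.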
