Re: [exim] Router or ACL - Deny all but one domain for specific IPs

Wed, 29 Jun 2016 14:09:39 -0700 

Peter Leeman <[email protected]> (Mi 29 Jun 2016 22:50:13 CEST):
> I previously request help regarding 'Exim4 route based on senders IP address' 
> and received great help.  I've included the code I ended up with at the end 
> of this email,
> 
> To try and make the configuration more efficient I am trying to use an ACL to 
> deny senders where the IP address is listed in a file AND the 'RCPT to' 
> domain is anything other than 'thisdomain.com'.  This ACL seems to be 
> blocking all senders if they are listed in the file regardless of destination.
> 
> The ACL is in the acl_check_rcpt section and is as follows:
> 
>   deny
>         condition = ${if and \
>                 
> {match_ip{$sender_host_address}{net-iplsearch;/etc/exim4/conf.d/tmc-config/relay_from_xerox}}
>  \
>                 {match_domain {$domain}{! thisdomain.com}} \
>                 }
> 
> If I just use the match_ip line without the and it works based on the IP 
> address, it fails when I add the match_domain with the following error:
> 
> 451 Temporary local problem - please try later
> LOG: [3480] H=(me.thisdomain.com) [1.2.3.4] F=<[email protected]> 
> temporarily rejected RCPT [email protected]: failed to expand ACL string 
> "${if and 
> {match_ip{$sender_host_address}{net-iplsearch;/etc/exim4/conf.d/tmc-config/relay_from_xerox}}
>  {match_domain {$domain}{! T=thisdomain.com}} }": each subcondition inside an 
> "and{...}" condition must be in its own {}

Try this. Not tested. I've added an additional pair of {}

    and{ {condA}{condB}{condC}… }

    deny
          condition = ${if and\
                        {\
                            
{match_ip{$sender_host_address}{net-iplsearch;/etc/exim4/conf.d/tmc-config/relay_from_xerox}}\
                            {match_domain {$domain}{! thisdomain.com}}\
                        }\
                       }\



    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -

Attachment: signature.asc
Description: Digital signature

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Reply via email to