Heiko
Thanks for the response. I'll test this out so I can get to grips with the AND
aspect. Chris suggested a different solution which I am going to use, as it
looks more efficient than the one I was trying to use.
deny
hosts = /etc/exim4/conf.d/tmc-config/relay_from_xerox
!domains = thisdomain.com
message = ....
Thanks again.
Regards,
Pete.
-----Original Message-----
From: Exim-users [mailto:[email protected]]
On Behalf Of Heiko Schlittermann
Sent: 29 June 2016 22:06
To: [email protected]
Subject: Re: [exim] Router or ACL - Deny all but one domain for specific IPs
Peter Leeman <[email protected]> (Mi 29 Jun 2016 22:50:13 CEST):
> I previously request help regarding 'Exim4 route based on senders IP
> address' and received great help. I've included the code I ended up
> with at the end of this email,
>
> To try and make the configuration more efficient I am trying to use an ACL to
> deny senders where the IP address is listed in a file AND the 'RCPT to'
> domain is anything other than 'thisdomain.com'. This ACL seems to be
> blocking all senders if they are listed in the file regardless of destination.
>
> The ACL is in the acl_check_rcpt section and is as follows:
>
> deny
> condition = ${if and \
>
> {match_ip{$sender_host_address}{net-iplsearch;/etc/exim4/conf.d/tmc-config/relay_from_xerox}}
> \
> {match_domain {$domain}{! thisdomain.com}} \
> }
>
> If I just use the match_ip line without the and it works based on the IP
> address, it fails when I add the match_domain with the following error:
>
> 451 Temporary local problem - please try later
> LOG: [3480] H=(me.thisdomain.com) [1.2.3.4] F=<[email protected]>
> temporarily rejected RCPT [email protected]: failed to expand ACL
> string "${if and
> {match_ip{$sender_host_address}{net-iplsearch;/etc/exim4/conf.d/tmc-co
> nfig/relay_from_xerox}} {match_domain {$domain}{! T=thisdomain.com}}
> }": each subcondition inside an "and{...}" condition must be in its
> own {}
Try this. Not tested. I've added an additional pair of {}
and{ {condA}{condB}{condC}… }
deny
condition = ${if and\
{\
{match_ip{$sender_host_address}{net-iplsearch;/etc/exim4/conf.d/tmc-config/relay_from_xerox}}\
{match_domain {$domain}{! thisdomain.com}}\
}\
}\
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support - Heiko
Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg
encrypted messages are welcome --------------- key ID: F69376CE - ! key id
7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
SAVE PAPER - Please do not print this e-mail unless absolutely necessary.
******** The Moray Council: Internet E-mail Notice ********
Moray Council Web address: http://www.moray.gov.uk
Main switchboard: 01343 543451
For details on how Moray Council uses personal information, visit
http://www.moray.gov.uk/privacy
The contents of this e-mail and any attachments ('this e-mail') are
confidential and intended solely for the addressee.
If this e-mail has been sent to you by mistake, please notify
[email protected] as soon as possible; you should then delete this e-mail
from your computer.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
