Hi Paul,

Paul Key via Exim-users <exim-users@exim.org> (Wed 19 May 2021 16:41:49 CEST):
> Hi,
>
> Using an acl_check_rcpt in exim.conf we are trying to both block and
> whitelist incoming email addresses in the same acl.
>
> Currently we have:
>
> deny message = $sender_host_address is listed in user blocking list
>
>      condition = ${lookup {$sender_address}wildlsearch{/etc/exim/whitelist.senders} {no}{yes}}
>      condition = ${lookup {$sender_address}wildlsearch{/etc/exim/blocking_list} {yes}{no}}
>
> in whitelist.senders we have an email address "example@example.cloud" which
> we want to allow through but in blocking_list we have an entry "*@*.cloud".
> So first we check the whitelist - which matches in the case of receiving an
> email from "example@example.cloud" but if no match then should move onto the
> blocking_list.

yes, and if there is a match, your lookup returns "no", which should
stop processing *this* ACL block

> However it looks like the acl is just evaluating the first condition and not
> processing the second condition whatever the condition result is.

How can you tell? Did you test debugging this? The simplest way is doing
something like

    swaks -q rcpt -f example@example.cloud -t f...@example.com --pipe 'exim -bh 0.0.0.0'

> Is there syntax for an ACL something like:
> If <this condition> AND NOT <that condition>
>
> To provide one evaluation result for acl_check_rcpt searching both a
> blocking_list and a whitelist?

The expressions of a "block" are evaluated in order, *until* an
expression returns "false". If all expressions return true, the block's
verb is executed, otherwise ACL processing jumps to the next block.

Exceptions are

- the verb "require": if *all* expressions are true, the processing
  continues with the next block, otherwise an error (e.g. 5xx) is
  returned.
- the expression "endpass"

I used the following example config:

    acl_smtp_rcpt = acl_check_rcpt

    begin acl

    acl_check_rcpt:
      deny message = $sender_host_address is listed in user blocking list
           condition = ${lookup {$sender_address}wildlsearch{$config_dir/whitelist.senders} {no}{yes}}
           condition = ${lookup {$sender_address}wildlsearch{$config_dir/blocking_list} {yes}{no}}

With these additional files:

    # whitelist.senders
    f...@example.com

    # blocking_list
    *@*.com

and ran the following command

    swaks -f 'f...@example.com' -t b...@example.com --pipe 'exim -C /tmp/x.conf -bh 0.0.0.0' -q rcpt

which produced this output (as expected):

    …
    <- 250-SMTPUTF8
    <- 250 HELP
    -> MAIL FROM:<f...@example.com>
    <- 250 OK
    -> RCPT TO:<b...@example.com>
    >>> using ACL "acl_check_rcpt"
    >>> processing "deny" (/tmp/x.conf 6)
    >>> message: $sender_host_address is listed in user blocking list
    >>> f...@example.com in "f...@example.com"? yes (matched "f...@example.com")
    >>> check condition = ${lookup {$sender_address}wildlsearch{$config_dir/whitelist.senders} {no}{yes}}
    >>> = no
    >>> deny: condition test failed in ACL "acl_check_rcpt"
    >>> end of ACL "acl_check_rcpt": implicit DENY
    LOG: H=(x1.schlittermann.de) [0.0.0.0] F=<f...@example.com> rejected RCPT <b...@example.com>
    <** 550 Administrative prohibition
    -> QUIT
    <- 221 x1 closing connection
    === Connection closed with child process.

Best regards from Dresden/Germany
Kind regards from Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
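
The block evaluation rules described in the reply above, modelled in Python as an added example (not part of the original message and not Exim code). It assumes a simplified `wildlsearch` that handles only `*` wildcards and matches caselessly; the trailing `accept` block and the sender addresses other than Paul's "example@example.cloud" are constructed for illustration.

```python
import re

# Entries from the thread (Paul's whitelist.senders and blocking_list).
WHITELIST = ["example@example.cloud"]
BLOCKLIST = ["*@*.cloud"]

def wild_match(key, patterns):
    """Assumed, simplified wildlsearch: '*' wildcards only, caseless."""
    return any(
        re.fullmatch(re.escape(p).replace(r"\*", ".*"), key, re.IGNORECASE)
        for p in patterns
    )

def not_whitelisted(sender):      # the lookup written with {no}{yes}
    return not wild_match(sender, WHITELIST)

def blocklisted(sender):          # the lookup written with {yes}{no}
    return wild_match(sender, BLOCKLIST)

# The single-block ACL from the reply, and a variant with a
# hypothetical unconditional "accept" block appended.
DENY_ONLY = [("deny", [not_whitelisted, blocklisted])]
WITH_ACCEPT = DENY_ONLY + [("accept", [])]

def run_acl(acl, sender):
    """Return (verdict, trace); trace lists each condition evaluated."""
    trace = []
    for verb, conditions in acl:
        all_true = True
        for cond in conditions:           # evaluated in order ...
            result = cond(sender)
            trace.append((verb, cond.__name__, result))
            if not result:                # ... until one is false
                all_true = False
                break
        if verb == "require":
            if not all_true:
                return "deny", trace      # failed require: error returned
        elif all_true:
            return verb, trace            # verb executed: accept or deny
        # otherwise processing moves on to the next block
    return "implicit deny", trace         # ran off the end of the ACL

if __name__ == "__main__":
    # Constructed senders, apart from Paul's whitelisted address.
    for s in ("example@example.cloud", "other@mail.example.cloud", "user@example.org"):
        print(s, run_acl(DENY_ONLY, s)[0], run_acl(WITH_ACCEPT, s)[0])
```

With only the `deny` block, the whitelisted sender skips the second condition and ends at the implicit deny, as in the debug output above; in this model it is accepted only once a later block accepts it.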