Hello.

On Mon, Nov 13, 2023 at 02:25:21PM +0200, Tapio Peltonen via Exim-users wrote:
> I have the following line in my local_sender_blacklist file, which is
> included as a blacklisted address list:
>
> ^.*@s\\d+\\..+\\.ru
[...]
> This does not match anything. Other lines in the blocklist work, this
> does not. For example this spam got through:
>
> 2023-11-12 19:48:04 1r2EZ2-001Ocx-6S <= [email protected]
> H=(s7.alextro.ru) [94.139.242.37] P=esmtp S=20273
> [email protected]
>
> According to the Exim documentation, regexes should work in address
> lists. The file is included in acl_check_rcpt:
>
> deny
>   message = sender envelope address $sender_address is locally
>   blacklisted here. If you think this is wrong, get in touch with
>   postmaster
>   !acl = acl_local_deny_exceptions
>   senders = ${if exists{CONFDIR/local_sender_blacklist}\
>   {CONFDIR/local_sender_blacklist}\
>   {}}

In Debian Exim has the same ACL (with additional log_message=...),
in file /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt (CONFDIR=/etc/exim4).
I tested it with your example:

# echo '^.*@s\\d+\\..+\\.ru' > /etc/exim4/local_sender_blacklist
# exim4 -d-all+lookup+expand -bh 94.139.242.37
Exim version 4.97 uid=0 gid=0 pid=5402 D=10100
[...]
EHLO test
[...]
MAIL FROM:<[email protected]>
[...]
RCPT TO:<[email protected]>
[...]
 ├──expanding: ${if exists{/etc/exim4/local_sender_blacklist}{/etc/exim4/local_sender_blacklist}{}}
 ╰─────result: /etc/exim4/local_sender_blacklist
[email protected] in "/etc/exim4/local_sender_blacklist"?
 list element: /etc/exim4/local_sender_blacklist
[email protected] in "/etc/exim4/local_sender_blacklist"? yes (matched "^.*@s\d+\..+\.ru" in /etc/exim4/local_sender_blacklist)
  message: sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
l_message: sender envelope address is locally blacklisted.
 ╭considering: sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
 ├───────text: sender envelope address
 ├considering: $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
 ├──────value: [email protected]
            ╰──(tainted)
 ├considering:  is locally blacklisted here. If you think this is wrong, get in touch with postmaster
 ├───────text:  is locally blacklisted here. If you think this is wrong, get in touch with postmaster
 ├──expanding: sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
 ╰─────result: sender envelope address [email protected] is locally blacklisted here. If you think this is wrong, get in touch with postmaster
            ╰──(tainted)
deny: condition test succeeded in ACL "acl_check_rcpt"
end of ACL "acl_check_rcpt": DENY
550-sender envelope address [email protected] is locally blacklisted here. If
550 you think this is wrong, get in touch with postmaster
LOG: MAIN REJECT
  H=(test) [94.139.242.37] Ci=5402 F=<[email protected]> rejected RCPT <[email protected]>: sender envelope address is locally blacklisted.

Try to run Exim with the same debug options.
--
Eugene Berdnikov
