Mailing List Archive: exim: users

Odd ACL behaviour

Index | Next | Previous | View Threaded

exim at southportweb

Oct 30, 2009, 8:51 AM

Post #1 of 4 (169 views)
Permalink

Odd ACL behaviour

Hi there,
I've been working on my ACL since asking earlier, but have got a bit
bamboozled as it doesn't seem to be behaving so I'm hoping someone can
tell me what I've been doing wrong.

Essentially, I'm currently writing the ACL so that it just adds headers
when messages get to particular stages in the chain.

I currently have this in an RCPT TO acl:

accept
condition = ${if eq
{1}{${lookup{$domain}lsearch{/etc/staticroutes}{1}{0}}}}
add_header = X_Staticroutes: TRUE
require verify = recipient/callout=use_sender
add_header = X_Staticroutes_verify: TRUE

To make things clear, /etc/staticroutes is a list of "domains: IP" and a
later transport delivers all mail to the domain to that IP address.
What I am attempting to do is have a call forward run that allows Exim
to reject messages that will not be accepted by the final server.

What actually happens is that incoming messages to the domain are all
accepted and the second header is not added. Messages to Valid
recipients get delivered and invalid messages get bounced.
Now the odd stuff. The bounce message contains the original message with
the first header (X_Staticroutes) added to it but not the second. The
bounce messages itself does not get the first header, but oddly gets the
second header added. I can't understand why the bounce message gets any
header added as the address it is going back to is not included in
/etc/staticroutes.

If I then take "require" out, the second header gets added to all
incoming messages for the domain and no headers get added to the bounce
message.

I'm stumped. What I need out of the end of this is a deny that checks
for a 1 on the condition I have and a reject on the the call forward.
Any pointers from people who know how these things work?
--
Regards,
Colin Waring,
+44 (0)1704 564047

Southport Computers
Local IT Support
http://www.southportcomputers.co.uk

Southport Web
Web Design and Hosting Services
http://www.southportweb.co.uk

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

exim at southportweb

Oct 30, 2009, 9:11 AM

Post #2 of 4 (159 views)
Permalink

Re: Odd ACL behaviour [In reply to]

Further to my last message I realised running an accept was bypassing
all other filtering due to having it at the top of the ACL.
I have changed the accept to a warn and the odd behaviour has settled down.

With the warn in place, both headers get added to incoming mails and
nothing to the bounce message but it appears the callforward is being
completely ignored and after hours and hours of trawling Google and the
documentation I have nothing left to try..

--
Regards,
Colin Waring,
+44 (0)1704 564047

Southport Computers
Local IT Support
http://www.southportcomputers.co.uk

Southport Web
Web Design and Hosting Services
http://www.southportweb.co.uk

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

exim-users-20081202 at djce

Oct 30, 2009, 3:06 PM

Post #3 of 4 (150 views)
Permalink

Re: Odd ACL behaviour [In reply to]

On Fri, Oct 30, 2009 at 04:11:39PM +0000, Colin wrote:
> Further to my last message I realised running an accept was bypassing
> all other filtering due to having it at the top of the ACL.
> I have changed the accept to a warn and the odd behaviour has settled down.
>
> With the warn in place, both headers get added to incoming mails and
> nothing to the bounce message but it appears the callforward is being
> completely ignored and after hours and hours of trawling Google and the
> documentation I have nothing left to try..

http://wiki.exim.org/FAQ/General_Debugging/Q0002

"exim -d+all -bh X.X.X.X". Or use -bhc instead of -bh.

Regards,

--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey

Attachments:

signature.asc (0.19 KB)

exim at southportweb

Oct 30, 2009, 4:26 PM

Post #4 of 4 (150 views)
Permalink

Re: Odd ACL behaviour [In reply to]

Dave Evans wrote:
> http://wiki.exim.org/FAQ/General_Debugging/Q0002
>
> "exim -d+all -bh X.X.X.X". Or use -bhc instead of -bh.
>
> Regards,
>
>
Thank you for the reply.
I am now entirely annoyed at Exchange! It seems that the warn I have in
place is actually already rejecting the majority of mail for our
customers domains instead of adding the second header. So that means
that the ACL I thought wasn't working is actually working perfectly.
Typically however, the server that I was using to test the ACL is not.
It appears to be accepting all mail and then generating a bounce instead
of rejecting non-valid recipients at the SMTP time. But that is a
completely separate issue that I will look later.
Thanks folks.

--
Regards,
Colin Waring,
+44 (0)1704 564047

Southport Computers
Local IT Support
http://www.southportcomputers.co.uk

Southport Web
Web Design and Hosting Services
http://www.southportweb.co.uk

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com