logs archiveIRC Archive / Freenode / #exim / 2010 / June / 1 / 1
petemc
you want exim to deliver mail to ip addresses?
akult
petemc, yes. but only for local if it possible.
petemc
you need to allow domain_literal and have a router that does ipliteral
its generally considered a bad idea, which is why its not supported by default
akult
petemc, heh, I see. ok, most likely to do domain names for nessesary addresses is more smart decision. :)
Simon-
you also need to use the correct syntax: *@[1.2.3.4]
lau
i am trying to drop any mails to noreply@my.tld with exim 4.69
i've read system filter files like
if $header_to: contains <noreply@my.tld>
then
seen finish
endif
phx
you can do that in the exim config also
just read the docs
lau
then set up a rule in the exim4 conf system_filter = /usr/exim/system_filter
hello phx
phx
well, i'd do a discard rule in the rcpt acl
but you can do it also that way, yes
         

lau
phx, is http://www.exim.org/exim-html-3.20/doc/html/spec_47.html this the reading you are thinking of (for system filter) ?
phx
i wasn't thinking of any system filters
< phx> well, i'd do a discard rule in the rcpt acl
i was thinking of this, exactly
lau
yes I understand http://www.exim.org/exim-html-4.50/doc/html/spec_39.html
09:40 < phx> just read the docs
I thought you were pointing me to a system filter exim documentation page
phx you set your rcpt acl right after 00_exim4-config_header ?
phx
i don't have such a thing
i've got /usr/local/etc/exim/configure with my complete config
lau
phx ok, is the acl_smpt_rcpt a coma separated list of acl ? such as acl_smtp_rcpt = acl_check_rcpt, acl_my_noreply ?
phx
i don't think so
check the docs on it
Uriell
I want 1 client to be able to send mails to * and another client to send mails to specific domain.com, each of my clients has a fixed IP, how can I do that separation?
phx
Uriell, with ACLs, feel free to read the docs
lau
phx, I added discard local_parts = noreply
domains = +local_domains in my acl_rcpt
it is working but I still need the noreply user to be known by the system
if noreply user is not know by the system then I get a Unrouteable address in rejectlog
vs. discarded by RCPT ACL
phx
well, nothing indicates that you need it, you have messed up something
Uriell
phx, reading but I am new to exim and can't figure out exactly which acl setup I need, can you please help me a little more?
phx
er, use debug mode to figure out what exactly exim does
henk
Uriell: you probably need the acl that checks the RCPT...
lau
phx: my acl looks like discard local_parts = noreply : nonsystemuser\ndomains = +local_domains
phx
lau, that should be fine
lau
rejectlog is discarded by RCPT ACL when rcpt to noreply@my.tld and Unrouteable address when rcpt to nonsystemuser@my.tld
oh i see I should put this acl rule on top of acl_rcpt
because the nonsystemuser is rejected before matching my rule
phx
yes, ACLs are processed from first to last, in a firstmatch manner
lau
ok
phx
and this is also in the docs
Uriell
henk, Been reading the 30_exim4-config_check_rcpt file, seen many examples there but not what I am looking to do
         

henk
Uriell: then check the docs. the file you are reading is a configfile, not a reference or example file...
Uriell
I am reading, I understand that I need 2 confs, 1 conf for my client that can send to *, and second conf for the client that can't send anywhere but to specific domain
henk
depending on what you mean with 'confs' that might be true...
Uriell
I mean lines in the conf file, I need 1 deny line that checks for IP, if the ip is the client that is limited to 1 domain, then block all the mails that are not been sent to the domain
henk
yup, imho that should work...
Uriell
If I will put a deny line, it will block the entire emails no matter the domain, so I need an accept line in this case?
henk
Uriell: a single deny line should work afaict. just check for all conditions that should yield a reply...
i.e. sending ip is X.X.X.X AND recipient domain is not foo.bar
Uriell
list of ips can't be in the conf but must be on separeted files?
henk
not necessarily afaik.
Uriell
! - means as not ? like in iptables?
henk
yes
Uriell
So I need something like: deny, message = can't send mails to this domain, hosts = the.restricted.ip, domains = !the.allowed.domain
ok this didn't work
what am i missing?
henk
"didn't work" is worth nothing...
Uriell
The mail from the ip has been sent to any domain
henk
our crystal balls are out of order so please switch on your brain and come up with a proper problem description.
thanks
Uriell
sorry :)
http://pastebin.com/crFynyBm
henk
Uriell: and what happens? anything in the logs? does exim -bh do something?
Uriell
in the logs I just see the mail regulary sent, -bh gives me exim abandoned: unknown, malformed, or incomplete option -bh
henk
Uriell: man exim
you might try 'domains = yahoo.com'
ah, wait...
Uriell
http://pastebin.com/ttgL6F4y
If I'll put domains = yahoo.com then it will deny only yahoo.com or I am mistaken?
Hmm trying to put it in /etc/exim4/local_acl_check_rcpt and getting from /usr/sbin/exim4 -bh >>> end of ACL "acl_local_deny_exceptions": implicit DENY, then it keeps going thru the acl until it gets to 250 Accepted
henk
Uriell: wrong directory...
Uriell: and 'domains = ...' are all conditions which have to be fulfilled for the acl verb (deny) to happen.
Uriell
so domains = !yahoo.com is wrong ?
henk
i'm confused, so i don't know ;)
it will deny if the mail does not go to yahoo.com i guess...
Uriell
that is what I want
I am confused too ;) where should I put http://pastebin.com/crFynyBm ?
I thought that I should put it in /etc/exim4/local_acl_check_rcpt
henk
Uriell: why did you think that?
Uriell
I am running exim4 on debian stable, got the file conf.d/acl/30_exim4-config_check_rcpt
it has:
http://pastebin.com/98pR2LXi
So I understood that I need this file
But, please correct me here :)
henk
so you have the file /etc/exim4/conf.d/acl/30_exim4... and you think that your own acl file should NOT be in /etc/exim4/conf.d/acl, but only in /etc/exim4/? sorry, i can't follow that logic. can you?
Uriell
:)
I added the file in /etc/exim4/conf.d/acl/ but still getting the same message in the log: >>> end of ACL "acl_local_deny_exceptions": implicit DENY and the message eventually gets >>> accept: condition test succeeded 250 Accepted
henk
did you rebuild the config file?
Uriell
used update-exim4.conf and restarted exim
henk
Uriell: and your part is actually in the config file exim reads? have you checked that?
Uriell
Should I put a RCPT_LOCAL_ACL_FILE = /etc/exim4/conf.d/acl/local_acl_check_rcpt somewhere?
I thought that if I get in the log: >>> end of ACL "acl_local_deny_exceptions": implicit DENY so it means it reads it
henk
Uriell: hm? is that your file? imho local_acl_check_rcpt != acl_local_deny_exceptions
Uriell: and i have asked two questions. did you answer them?
Uriell
henk, oh man I just misread that line and it got me confused :), answers to both of your questions: don't know (lame.. :\)
henk
Uriell: check :)
Uriell
reading /var/lib/exim4/config.autogenerated now
yes its in the conf
just before the line: begin routers
But its in the acl_check_data: section
And not in the acl_check_rcpt: section
Maybe that is the problem?
henk
bevore the line? bad...
s/bevore/before/
oh, no wait...
Uriell
ok I got it to the right section
changed the filename
now testing again
hmmm still it gets through no matter on which domain, maybe its because I have the ip in dc_relay_nets in the file /etc/exim4/update-exim4.conf.conf?
henk
Uriell: paste the output of exim -bh ...
yeah, possible...
Uriell
btw I changed the filename to 31_local_acl_check_rcpt
but if I'll remove it from dc_relay_nets no mails from the ip will get passed, i tried it
http://pastebin.com/aJrFLau8
henk
that's all? o_O
Uriell
Am I missing something?
Got the file /etc/exim4/conf.d/acl/31_local_acl_check_rcpt
henk
paste your acl again, please
Uriell
It has :
deny
message = Can't send mails to this domain
hosts = 192.168.100.1
domains = !yahoo.com
henk
#
>>> using ACL "acl_check_rcpt"
>>> check hosts = :
looks like there's something wrong about that...
but i'm not quite sure...
Uriell
the IP is not local
so it shuold not be a problem (i edited the paste to hide the real ip due to security reasons)
it gets over tcp/ip and its external ip
henk
mhm, obfuscation is great. doesn't confuse a bit. about 99% of all people do it correctly. almost no one confuses servers with each other. and it doesn't make a difference anywhere if it's private or public ip.
and all of that is a lie.
Uriell
http://pastebin.com/XgjZBnJe
1.1.1.1 is my client I want to filter its mails
Hopefully its better now ;)
henk
uhm...
yeah... what is your acl called again?
Uriell
I didn't call it by name
filename is 31_local_acl_check_rcpt
henk
line 71 is the check that accepts the mail. your checks come after that i guess...
Uriell
hmmm
so should I change the filename to 29?
it will come before 30_exim4-config_check_rcpt
henk
'sigh' no... i don't know. YOU need to know your setup.
Uriell
I want to insert my check before 30_exim4-config_check_rcpt finishes
henk
i do not see anything matching your tests in your paste, so i guess the order in your acls is broken.
Uriell
henk, http://pastebin.com/UC0iekbb
henk
Uriell: looks good. does it work?
Uriell
no
:\
mails are getting sent to other domains
« prev next »