Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. exim>
  3. dev
[Bug 2631] Option to restrict dnslists to specific networks and log a warning if they return IP addresses outside this range
exim-dev at exim
Mar 30, 2021, 2:54 PM
Post #1 of 1 (107 views)
Permalink
https://bugs.exim.org/show_bug.cgi?id=2631

--- Comment #21 from Simon Arlott <bugzilla.exim.simon@arlott.org> ---
My ACLs for dnslists are populated from a ${lookup ...} so it's not practical
to go making lots of individual special case checks against IP addresses.
Here's one example but there are 24 of them:

warn
condition = ${if isip4{$sender_host_address}{yes}{no}}
condition =
${lookup{$acl_m_acl}lsearch*{/redacted/acls/deny-ip4}{yes}{no}}
dnslists = \
${sg{\

${lookup{$acl_m_acl}lsearch*{/redacted/acls/deny-ip4}{$value}{invalid}}\
}{ }{:}}
set acl_m_block_any = ${if
lt{$acl_m_block_any}{1}{1}{$acl_m_block_any}}
set acl_m_reason = ${if eq{$acl_m_reason}{}{}{$acl_m_reason\n}}
set acl_m_reason = ${acl_m_reason}$sender_host_address is blocked by
$dnslist_domain.\n$dnslist_text
set acl_m_debug = $acl_m_debug\
${map{<,$dnslist_value}{ \

${lookup{$dnslist_domain=$item}lsearch{/redacted/dnslists}{deny/ip4/$value}{deny/ip4/$dnslist_domain$item}}\
}}

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal