Mailing List Archive

discard mail from all local users except
Dear Colleagues,

I'm trying to discard mails from all local users (shared hosting) other
than from root and maybe a few others. I've configured

acl_not_smtp = acl_not_smtp
begin acl

acl_not_smtp:
  accept  condition = ${if bool{${lookup{$authenticated_sender}lsearch{/etc/mail/whitelist.local}}}}
  discard message = Local sending is prohibited

$ cat /etc/mail/whitelist.local
root
root@http1.hiddendomain.com

For some reason the accept part does not work, mail from the local root
is discarded too. What's wrong with my lookup?
Here is the debug:
https://termbin.com/kavi (the real domain is hidden as "hiddendomain").

I've tried replacing $authenticated_sender with $sender_ident with no result.

I'm talking about sending via exim as /usr/sbin/sendmail, not about SMTP
to localhost.


--
Victor Sudakov VAS4-RIPE
http://vas.tomsk.ru/
2:5005/49@fidonet
Re: discard mail from all local users except
On Mon, May 31, 2021 at 12:50:56PM +0700, Victor Sudakov via Exim-users wrote:
> Here is the debug:
> https://termbin.com/kavi (the real domain is hidden as "hiddendomain").

You run debug without proper selectors. Try at least -d+lookup.
--
Eugene Berdnikov

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: discard mail from all local users except
Evgeniy Berdnikov via Exim-users wrote:
> On Mon, May 31, 2021 at 12:50:56PM +0700, Victor Sudakov via Exim-users wrote:
> > Here is the debug:
> > https://termbin.com/kavi (the real domain is hidden as "hiddendomain").
>
> You run debug without proper selectors. Try at least -d+lookup.

I thought I was running it with -d+all. Maybe I missed something.

Here is -d+lookup: https://termbin.com/08fv

--
Victor Sudakov VAS4-RIPE
http://vas.tomsk.ru/
2:5005/49@fidonet
Re: discard mail from all local users except
On Mon, May 31, 2021 at 01:57:26PM +0700, Victor Sudakov via Exim-users wrote:
> Here is -d+lookup: https://termbin.com/08fv

Lookup failed. Do you have the string "root@http1.hiddendomain.com" in this file?
Check it by hand: exim -be '${lookup {root@http1.hiddendomain.com} ...}'.
--
Eugene Berdnikov

Re: discard mail from all local users except
Evgeniy Berdnikov via Exim-users wrote:
> On Mon, May 31, 2021 at 01:57:26PM +0700, Victor Sudakov via Exim-users wrote:
> > Here is -d+lookup: https://termbin.com/08fv
>
> Lookup failed. Do you have the string "root@http1.hiddendomain.com" in this file?
> Check it by hand: exim -be '${lookup {root@http1.hiddendomain.com} ...}'.

root@http1:~ # exim -C /usr/local/etc/exim/configure.nolocalmail -be '${lookup{root@http1.hiddendomain.com}lsearch{/etc/mail/whitelist.local}}'

root@http1:~ # grep root@http1.hiddendomain.com /etc/mail/whitelist.local
root@http1.hiddendomain.com
root@http1:~ #

--
Victor Sudakov VAS4-RIPE
http://vas.tomsk.ru/
2:5005/49@fidonet
Re: discard mail from all local users except
On 31.05.21 at 09:25, Evgeniy Berdnikov via Exim-users wrote:
> On Mon, May 31, 2021 at 01:57:26PM +0700, Victor Sudakov via Exim-users wrote:
>> Here is -d+lookup: https://termbin.com/08fv
> Lookup failed. Do you have the string "root@http1.hiddendomain.com" in this file?
> Check it by hand: exim -be '${lookup {root@http1.hiddendomain.com} ...}'.

Next question: is the format of the file content correct?

Best regards,
Marius

Re: discard mail from all local users except
On Mon, May 31, 2021 at 02:46:40PM +0700, Victor Sudakov via Exim-users wrote:
> Evgeniy Berdnikov via Exim-users wrote:
> > On Mon, May 31, 2021 at 01:57:26PM +0700, Victor Sudakov via Exim-users wrote:
> > > Here is -d+lookup: https://termbin.com/08fv
> >
> > Lookup failed. Do you have the string "root@http1.hiddendomain.com" in this file?
> > Check it by hand: exim -be '${lookup {root@http1.hiddendomain.com} ...}'.
>
> root@http1:~ # exim -C /usr/local/etc/exim/configure.nolocalmail -be '${lookup{root@http1.hiddendomain.com}lsearch{/etc/mail/whitelist.local}}'
>
> root@http1:~ # grep root@http1.hiddendomain.com /etc/mail/whitelist.local
> root@http1.hiddendomain.com
> root@http1:~ #

All works as programmed: the lookup for "root@http1.hiddendomain.com" gives
an empty string, bool{} converts it to "false", so ${if...} fails and the condition
is wrong. You have to change this logic. Say, add a value to the lookup key.
--
Eugene Berdnikov

Re: discard mail from all local users except
Cyborg via Exim-users wrote:
> On 31.05.21 at 09:25, Evgeniy Berdnikov via Exim-users wrote:
> > On Mon, May 31, 2021 at 01:57:26PM +0700, Victor Sudakov via Exim-users wrote:
> > > Here is -d+lookup: https://termbin.com/08fv
> > Lookup failed. Do you have the string "root@http1.hiddendomain.com" in this file?
> > Check it by hand: exim -be '${lookup {root@http1.hiddendomain.com} ...}'.
> next question: is the format of the file content correct?

Well, I have already posted this:

root@http1:~ # grep root@http1.hiddendomain.com /etc/mail/whitelist.local
root@http1.hiddendomain.com

Maybe it's incorrect. It's just a list of E-mails, each on its line.

BTW I have found out that there is an easier way of doing this and it
works:

begin acl
acl_not_smtp:
  accept  senders = /etc/mail/whitelist.local
  discard message = Local sending is prohibited

However, even if for educational purposes I'd like to understand what's
wrong with the above lookup.


--
Victor Sudakov VAS4-RIPE
http://vas.tomsk.ru/
2:5005/49@fidonet
Re: discard mail from all local users except
Evgeniy Berdnikov via Exim-users wrote:
> On Mon, May 31, 2021 at 02:46:40PM +0700, Victor Sudakov via Exim-users wrote:
> > Evgeniy Berdnikov via Exim-users wrote:
> > > On Mon, May 31, 2021 at 01:57:26PM +0700, Victor Sudakov via Exim-users wrote:
> > > > Here is -d+lookup: https://termbin.com/08fv
> > >
> > > Lookup failed. Do you have the string "root@http1.hiddendomain.com" in this file?
> > > Check it by hand: exim -be '${lookup {root@http1.hiddendomain.com} ...}'.
> >
> > root@http1:~ # exim -C /usr/local/etc/exim/configure.nolocalmail -be '${lookup{root@http1.hiddendomain.com}lsearch{/etc/mail/whitelist.local}}'
> >
> > root@http1:~ # grep root@http1.hiddendomain.com /etc/mail/whitelist.local
> > root@http1.hiddendomain.com
> > root@http1:~ #
>
> All works as programmed: the lookup for "root@http1.hiddendomain.com" gives
> an empty string, bool{} converts it to "false", so ${if...} fails and the condition
> is wrong. You have to change this logic. Say, add a value to the lookup key.

Hmm, this looks excessive. I don't need a map, just a list. What's the
canonical lookup just to check if the string is listed in a file?

PS in olden times, I think I could write something like

acl_not_smtp:
  accept  condition = ${lookup{$authenticated_sender}lsearch{/etc/mail/whitelist.local}}
  discard message

and it used to work. Then, for some reason, someone introduced all those
ifs and bools and made them obligatory in ACL conditions.

--
Victor Sudakov VAS4-RIPE
http://vas.tomsk.ru/
2:5005/49@fidonet
Re: discard mail from all local users except
On Mon, May 31, 2021 at 03:59:57PM +0700, Victor Sudakov via Exim-users wrote:
> PS in olden times, I think I could write something like
>
> acl_not_smtp:
> accept condition = ${lookup{$authenticated_sender}lsearch{/etc/mail/whitelist.local}}
> discard message
>
> and it used to work.

It's very simple and does not require boolean conversions:

condition = ${lookup {<key>} lsearch {<file>}{yes}{no}}
--
Eugene Berdnikov

Re: discard mail from all local users except
On 31/05/2021 08:46, Victor Sudakov via Exim-users wrote:
> root@http1:~ # exim -C /usr/local/etc/exim/configure.nolocalmail -be '${lookup{root@http1.hiddendomain.com}lsearch{/etc/mail/whitelist.local}}'
>
> root@http1:~ # grep root@http1.hiddendomain.com /etc/mail/whitelist.local
> root@http1.hiddendomain.com
> root@http1:~ #

Those two don't seem to match. Because you're obfuscating we
can't be certain, but it's most likely that one of the strings
involved is incorrect.

Obfuscation makes it harder for us to help you.
--
Cheers,
Jeremy

Re: discard mail from all local users except
Evgeniy Berdnikov via Exim-users wrote:
> On Mon, May 31, 2021 at 03:59:57PM +0700, Victor Sudakov via Exim-users wrote:
> > PS in olden times, I think I could write something like
> >
> > acl_not_smtp:
> > accept condition = ${lookup{$authenticated_sender}lsearch{/etc/mail/whitelist.local}}
> > discard message
> >
> > and it used to work.
>
> It's very simple and does not require boolean conversions:
>
> condition = ${lookup {<key>} lsearch {<file>}{yes}{no}}

Oh. Was it just "{yes}{no}" I was missing from the "old school" condition above?

--
Victor Sudakov VAS4-RIPE
http://vas.tomsk.ru/
2:5005/49@fidonet
Re: discard mail from all local users except
Jeremy Harris via Exim-users wrote:
> On 31/05/2021 08:46, Victor Sudakov via Exim-users wrote:
> > root@http1:~ # exim -C /usr/local/etc/exim/configure.nolocalmail -be '${lookup{root@http1.hiddendomain.com}lsearch{/etc/mail/whitelist.local}}'
> >
> > root@http1:~ # grep root@http1.hiddendomain.com /etc/mail/whitelist.local
> > root@http1.hiddendomain.com
> > root@http1:~ #
>
> Those two don't seem to match. Because you're obfuscating we
> can't be certain, but it's most likely that one of the strings
> involved is incorrect.
>
> Obfuscation makes it harder for us to help you.

Already solved by Evgeniy, thank you!

Quoting Evgeniy (and his solution is correct):

All works as programmed: the lookup for "root@http1.hiddendomain.com" gives
an empty string, bool{} converts it to "false", so ${if...} fails and the condition
is wrong. You have to change this logic. Say, add a value to the lookup key.

--
Victor Sudakov VAS4-RIPE
http://vas.tomsk.ru/
2:5005/49@fidonet
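
The behaviour resolved in this thread, as an added example that is not part of any list post and is not Exim's own code: a simplified Python model of lsearch, of the truth test applied by bool{} and by an ACL condition, and of the two condition forms discussed, run over constructed copies of the whitelist. All function names are hypothetical, and continuation lines and quoted keys are not modelled.

```python
import re

# Constructed copies of the whitelist: key-only (as in the thread) and key: value.
KEY_ONLY = "root\nroot@http1.hiddendomain.com\n"
KEY_VALUE = "root: yes\nroot@http1.hiddendomain.com: yes\n"

def lsearch(key, text):
    """Simplified lsearch: data after the key, "" if the line holds only the
    key, None if no line matches. Continuation lines are not modelled."""
    for line in text.splitlines():
        if not line or line[0] in "# \t":
            continue
        m = re.match(r"([^\s:]+)\s*:?\s*(.*)$", line)
        if m and m.group(1).lower() == key.lower():  # keys match case-insensitively
            return m.group(2).strip()
    return None

def lookup(key, text, yes=None, no=""):
    """${lookup{key}lsearch{file}{yes}{no}}; without {yes} the data is returned."""
    data = lsearch(key, text)
    if data is None:
        return no
    return data if yes is None else yes

def truth(s):
    """Truth test shared by bool{} and an ACL condition: empty/0/no/false is
    false, yes/true/non-zero number is true, anything else is an error."""
    s = s.strip().lower()
    if s in ("", "no", "false"):
        return False
    if s in ("yes", "true"):
        return True
    if re.fullmatch(r"[+-]?\d+", s):
        return int(s) != 0
    raise ValueError(f"not a boolean string: {s!r}")

def original_condition(sender, text):
    # Models ${if bool{${lookup{sender}lsearch{file}}}}
    return truth(lookup(sender, text))

def fixed_condition(sender, text):
    # Models ${lookup{sender}lsearch{file}{yes}{no}}
    return truth(lookup(sender, text, yes="yes", no="no"))

if __name__ == "__main__":
    for who in ("root@http1.hiddendomain.com", "www@http1.hiddendomain.com"):
        print(who, original_condition(who, KEY_ONLY), fixed_condition(who, KEY_ONLY))
```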