Mailing List Archive

Hi,

D?a Tue, 26 Oct 2021 18:17:09 +0200 Marco Gaiarin via Exim-users
<exim-users@exim.org> napísal:

> and put HELO, MAIL FROM: and RCPT TO: by hand; and effectively the
> ACL fail; at the last i have:

I often store commands in that.file, eg.:

EHLO somename
MAIL FROM: <sender@addr>
RCPT TO: <rcpt@addr>
QUIT

And then i fire:

exim -bh <IP_OF_THE_SENDER> < that.file

...but result is the same as doing it manually, except that you can
simple repeat it ;-)

> ----------- end verify ------------
> require: condition test succeeded in ACL "acl_check_rcpt"
> processing "require"
> message: ${if >{$rcpt_fail_count}{0} {unrouteable address}{unknown
> user}} l_message: ${if >{$rcpt_fail_count}{0} {Dictionary attack
> (${eval:$rcpt_fail_count+1} failed recipients)}{}}
> check domains = !+local_domains
> cached yes match for +local_domains
> cached lookup data = NULL
> ac.concordia-pordenone.it in "!+local_domains"? no (matched
> "!+local_domains" - cached)
> require: condition test failed in ACL "acl_check_rcpt"
> SMTP>> 550 unknown user
> 550 unknown user
> LOG: MAIN REJECT
>
> OK; but how can i determine the exact point in acl_check_rcpt ACL
> that make it fail? I'm a bit puzzled...

In the output you have all processed ACL and its condition shown, eg.:

check domains = !+local_domains

This will be somewhere in your ACL definition as:

require:
...
domains = !+local_domains

Next in above output you can see line:

ac.concordia-pordenone.it in "!+local_domains"? no ...

This is result of that domains check and means, that
ac.concordia-pordenone.it is in your local_domains list and that
condition is not meet (as it is negated by ! -- not in list).

That snippets show cached local_domains search result, exact match will
be shown when exim did that search first.

regards

--
Slavko
https://www.slavino.sk

On 26/10/2021 17:17, Marco Gaiarin via Exim-users wrote:
> require: condition test succeeded in ACL "acl_check_rcpt"
> processing "require"
> message: ${if >{$rcpt_fail_count}{0} {unrouteable address}{unknown user}}
[...]
> require: condition test failed in ACL "acl_check_rcpt"
> SMTP>> 550 unknown user
> 550 unknown user
> LOG: MAIN REJECT
>
> OK; but how can i determine the exact point in acl_check_rcpt ACL that make it
> fail? I'm a bit puzzled...

Since 4.93 the "processing" debug line gives the config filename and
line number. Presumably you're running something older.
--
Cheers,
Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Mandi! Jeremy Harris via Exim-users
In chel di` si favelave...

> Since 4.93 the "processing" debug line gives the config filename and
> line number. Presumably you're running something older.

Yes, version 4.84.2-2+deb8u8 ...

--
Vendere no, non passa tra i miei rischi,
non comprate i miei dischi e sputatemi addosso. (F. Guccini)



--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Mandi! Slavko via Exim-users
In chel di` si favelave...

>> OK; but how can i determine the exact point in acl_check_rcpt ACL
>> that make it fail? I'm a bit puzzled...

> In the output you have all processed ACL and its condition shown, eg.:
> check domains = !+local_domains

> This will be somewhere in your ACL definition as:
> require:
> ...
> domains = !+local_domains

> Next in above output you can see line:
> ac.concordia-pordenone.it in "!+local_domains"? no ...
> This is result of that domains check and means, that
> ac.concordia-pordenone.it is in your local_domains list and that
> condition is not meet (as it is negated by ! -- not in list).
> That snippets show cached local_domains search result, exact match will
> be shown when exim did that search first.

The only other entry like this above is:

processing "deny"
check domains = +local_domains
ac.concordia-pordenone.it in "@:localhost : ac.concordia-pordenone.it :
liste.ac.concordia-pordenone.it"? yes (matched "ac.concordia-pordenone.it")
ac.concordia-pordenone.it in "+local_domains"? yes (matched "+local_domains")
check local_parts = ^[.] : ^.*[@%!|`#&?]
gaio in "^[.] : ^.*[@%!|`#&?]"? no (end of list)
deny: condition test failed in ACL "acl_check_rcpt"
processing "deny"
check domains = !+local_domains
cached yes match for +local_domains
cached lookup data = NULL
ac.concordia-pordenone.it in "!+local_domains"? no (matched "!+local_domains" - cached)
deny: condition test failed in ACL "acl_check_rcpt"

The only ACL in 'deny' that have an 'domains = !+local_domains' within is:

.ifdef CHECK_RCPT_REMOTE_LOCALPARTS
deny
domains = !+local_domains
local_parts = CHECK_RCPT_REMOTE_LOCALPARTS
message = restricted characters in address
delay = ${eval:TEERGRUBE}s
.endif

and 'CHECK_RCPT_REMOTE_LOCALPARTS':

CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./


Why matches?! Thanks.

--
Le vie del Signore sono infinite.
E' la segnaletica che lascia a desiderare...



--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Mandi! Marco Gaiarin
In chel di` si favelave...

> Why matches?! Thanks.

What a dumbass! Sorry!


I was connected in VPN, so i was using a private IP, but not in
+relay_from_hosts...


Again, sorry...

--
Se non trovi nessuno vuol dire che siamo scappati alle sei-shell (bash,
tcsh,csh...) (Possi)



--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/