Regex in address list does not work (Exim 4.94)
Hello,

I have the following line in my local_sender_blacklist file, which is
included as a blacklisted address list:

^.*@s\\d+\\..+\\.ru

(The reason is that a huge amount of spam comes from addresses
following that pattern and not all of the sending IPs are included in
RBLs. I've tried all sorts of variants and I'm fairly certain the
fault is not in my regex syntax.)

This is the only regex I have there, other lines are simple address patterns.

This does not match anything. Other lines in the blocklist work, this
does not. For example this spam got through:

2023-11-12 19:48:04 1r2EZ2-001Ocx-6S <= info@s7.alextro.ru
H=(s7.alextro.ru) [94.139.242.37] P=esmtp S=20273
id=829c43219fe28a9d5849a83f24063c0e@s7.alextro.ru

According to the Exim documentation, regexes should work in address
lists. The file is included in acl_check_rcpt:

deny
  message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
  !acl = acl_local_deny_exceptions
  senders = ${if exists{CONFDIR/local_sender_blacklist}\
                 {CONFDIR/local_sender_blacklist}\
                 {}}


Is there something I'm missing here? Should the backslashes in
included files be doubly escaped or something?

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Regex in address list does not work (Exim 4.94)
On 13/11/2023 12:25, Tapio Peltonen via Exim-users wrote:
> Is there something I'm missing here? Should the backslashes in
> included files be doubly escaped or something?

You already have backslashes in front of the RE backslashes
(eg "\d"). That would be for protecting against Exim expanding,
but that's not happening. See section 2.2 in

https://exim.org/exim-html-current/doc/html/spec_html/ch-domain_host_address_and_local_part_lists.html

"no expansion of the data from the file takes place".
--
Cheers,
Jeremy

PS: 4.94 is pretty old. 4.97 is current.


Re: Regex in address list does not work (Exim 4.94)
Hello.

On Mon, Nov 13, 2023 at 02:25:21PM +0200, Tapio Peltonen via Exim-users wrote:
> I have the following line in my local_sender_blacklist file, which is
> included as a blacklisted address list:
>
> ^.*@s\\d+\\..+\\.ru
[...]
> This does not match anything. Other lines in the blocklist work, this
> does not. For example this spam got through:
>
> 2023-11-12 19:48:04 1r2EZ2-001Ocx-6S <= info@s7.alextro.ru
> H=(s7.alextro.ru) [94.139.242.37] P=esmtp S=20273
> id=829c43219fe28a9d5849a83f24063c0e@s7.alextro.ru
>
> According to the Exim documentation, regexes should work in address
> lists. The file is included in acl_check_rcpt:
>
> deny
>   message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
>   !acl = acl_local_deny_exceptions
>   senders = ${if exists{CONFDIR/local_sender_blacklist}\
>                  {CONFDIR/local_sender_blacklist}\
>                  {}}

In Debian, Exim has the same ACL (with an additional log_message=...), in the file
/etc/exim4/conf.d/acl/30_exim4-config_check_rcpt (CONFDIR=/etc/exim4).
I tested it with your example:

# echo '^.*@s\\d+\\..+\\.ru' > /etc/exim4/local_sender_blacklist
# exim4 -d-all+lookup+expand -bh 94.139.242.37
Exim version 4.97 uid=0 gid=0 pid=5402 D=10100
[...]
EHLO test
[...]
MAIL FROM:<info@s7.alextro.ru>
[...]
RCPT TO:<bd4@xxx.protva.ru>
[...]
???expanding: ${if exists{/etc/exim4/local_sender_blacklist}{/etc/exim4/local_sender_blacklist}{}}
??????result: /etc/exim4/local_sender_blacklist
info@s7.alextro.ru in "/etc/exim4/local_sender_blacklist"?
list element: /etc/exim4/local_sender_blacklist
info@s7.alextro.ru in "/etc/exim4/local_sender_blacklist"? yes (matched "^.*@s\d+\..+\.ru" in /etc/exim4/local_sender_blacklist)
message: sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
l_message: sender envelope address is locally blacklisted.
?considering: sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
????????text: sender envelope address
?considering: $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
???????value: info@s7.alextro.ru
???(tainted)
?considering: is locally blacklisted here. If you think this is wrong, get in touch with postmaster
????????text: is locally blacklisted here. If you think this is wrong, get in touch with postmaster
???expanding: sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
??????result: sender envelope address info@s7.alextro.ru is locally blacklisted here. If you think this is wrong, get in touch with postmaster
???(tainted)
deny: condition test succeeded in ACL "acl_check_rcpt"
end of ACL "acl_check_rcpt": DENY
550-sender envelope address info@s7.alextro.ru is locally blacklisted here. If
550 you think this is wrong, get in touch with postmaster
LOG: MAIN REJECT
H=(test) [94.139.242.37] Ci=5402 F=<info@s7.alextro.ru> rejected RCPT <bd4@xxx.protva.ru>: sender envelope address is locally blacklisted.

Try to run Exim with the same debug options.
--
Eugene Berdnikov

Re: Regex in address list does not work (Exim 4.94)
On Mon, Nov 13, 2023 at 04:33:25PM +0300, Evgeniy Berdnikov via Exim-users wrote:
> # echo '^.*@s\\d+\\..+\\.ru' > /etc/exim4/local_sender_blacklist
> # exim4 -d-all+lookup+expand -bh 94.139.242.37
[...]
> info@s7.alextro.ru in "/etc/exim4/local_sender_blacklist"? yes (matched "^.*@s\d+\..+\.ru" in /etc/exim4/local_sender_blacklist)

Oh, sorry, sorry... Result of echo is a string with "\\" reduced to "\",
as this trace shows. Jeremy is right.
--
Eugene Berdnikov

Re: Regex in address list does not work (Exim 4.94)
On Mon, 13 Nov 2023 at 15:34, Evgeniy Berdnikov via Exim-users
<exim-users@lists.exim.org> wrote:
> # exim4 -d-all+lookup+expand -bh 94.139.242.37

Oh, thank you, I hadn't really familiarized myself with the exim command
line options and how to run a fake session. It works now, I had too
many backslashes in the file, as Jeremy noted.

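The fix this thread arrives at, as an added example that is not part of the original posts: because data read from a list file is not expanded, a regex line is used exactly as written, so a doubled backslash demands a literal backslash in the address. The checker below flags such lines against known-bad senders. Its function names and the sample list are constructed for illustration, and Python's re module stands in for Exim's PCRE matching.

```python
import re

# Constructed sample list file: the thread's over-escaped regex line
# next to two plain (non-regex) address patterns.
SAMPLE_LIST = r"""
# local_sender_blacklist (constructed sample)
spammer@example.com
*@bad.example
^.*@s\\d+\\..+\\.ru
"""

def regex_lines(list_text):
    """Yield (line_no, pattern) for lines treated as regexes (leading '^')."""
    for no, line in enumerate(list_text.splitlines(), 1):
        line = line.strip()
        if line.startswith("^"):
            yield no, line

def check_list(list_text, known_bad):
    """Report regex lines that miss known-bad senders only because of doubled backslashes."""
    findings = []
    for no, pat in regex_lines(list_text):
        collapsed = pat.replace("\\\\", "\\")  # each "\\" -> "\", the likely intent
        if collapsed == pat:
            continue                            # nothing doubled on this line
        try:
            as_written = re.compile(pat)        # file data is not expanded: use verbatim
            fixed = re.compile(collapsed)
        except re.error:
            continue                            # not valid in Python's dialect; skip
        missed = [a for a in known_bad
                  if not as_written.search(a) and fixed.search(a)]
        if missed:
            findings.append({"line": no, "pattern": pat,
                             "suggest": collapsed, "missed": missed})
    return findings

if __name__ == "__main__":
    # Sender address taken from the log line quoted in the thread.
    for f in check_list(SAMPLE_LIST, ["info@s7.alextro.ru"]):
        print(f"line {f['line']}: {f['pattern']} misses {f['missed']}; "
              f"try {f['suggest']}")
```

Confirm the corrected line on the real server with the -bh fake session shown earlier in the thread.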