Reading the documentation leads me to believe that all I *should* have to do is create a file named local_host_blacklist in the /etc/exim4 folder and populate it with the IPs I wish to be banned. Done and Done, and yet when I run update-exim4.conf (not sure I even need to do that, but it seems like it would not hurt) and restart the daemon, my IP, which I put in the blacklist file, can still send just fine. I went so far as to chmod everything in /etc/exim4 to 777 just to make sure it was not a permissions problem. I do not have a whitelist file, but my IP *is* in the allowed relay_nets. If it''s relevant, I''m working on a test setup with an eye to adding SA and AV to my real servers eventually, so I''m running a exim-daemon-heavy with the split config. My base system is running the current Ubuntu Server LTS (8.04). It says my Exim version is "MAIN_PACKAGE_VERSION=4.69-5ubuntu2". Any ideas on why it isn''t picking up the values in the local blacklist? Or is that not the correct way to do a deny IP list? Thanks, Aileen C.
Aileen Carlstrom <acarls at zcorum.com> wrote:> Reading the documentation leads me to believe that all I *should* have > to do is create a file named local_host_blacklist in the /etc/exim4 > folder and populate it with the IPs I wish to be banned. Done and Done, > and yet when I run update-exim4.conf (not sure I even need to do that, > but it seems like it would not hurt) and restart the daemon,both not necessary. ;-)> my IP, which I put in the blacklist file, can still send just fine.[...] In the acl evaluating the host-blacklist happens after accepting all mail from +relay_from_hosts. The local host is usually included in this hostlist and therefore bypasses the check for the blacklist. You''ll need to use a remote testing host. cu andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.'' `I sew his ears on from time to time, sure''
Hello Andreas, Andreas Metzler, 29.03.2009 (d.m.y):> Aileen Carlstrom <acarls at zcorum.com> wrote: > > Reading the documentation leads me to believe that all I *should* have > > to do is create a file named local_host_blacklist in the /etc/exim4 > > folder and populate it with the IPs I wish to be banned. Done and Done, > > and yet when I run update-exim4.conf (not sure I even need to do that, > > but it seems like it would not hurt) and restart the daemon, > > both not necessary. ;-) > > > my IP, which I put in the blacklist file, can still send just fine. > [...] > > > In the acl evaluating the host-blacklist happens after accepting all > mail from +relay_from_hosts. The local host is usually included in > this hostlist and therefore bypasses the check for the blacklist. > > You''ll need to use a remote testing host.What about running ''exim -bhc 1.2.3.4'' (where 1.2.3.4 is the IP address of interest)? Regards, Christian -- When one burns one''s bridges, what a very nice fire it makes. -- Dylan Thomas
Christian Schmidt <christian at siebenbergen.de> wrote:> Andreas Metzler, 29.03.2009 (d.m.y):[blacklist testing]>> You''ll need to use a remote testing host.> What about running ''exim -bhc 1.2.3.4'' (where 1.2.3.4 is the IP > address of interest)?That should also work, even with swak --pipe. cu andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.'' `I sew his ears on from time to time, sure''