Hi all, I just found the following unusual message in my Exim logs:

    2009-06-27 21:14:58 host name alias list truncated for 69.10.169.230

Curious, I did a DNS lookup on that IP:

    ch...@top ~ $ host 69.10.169.230 | wc -l
    86
    ch...@top ~ $ host 69.10.169.230 | head -5
    ;; Truncated, retrying in TCP mode.
    230.169.10.69.in-addr.arpa domain name pointer heavenlydonut.com.
    230.169.10.69.in-addr.arpa domain name pointer pitrivertribe.org.
    230.169.10.69.in-addr.arpa domain name pointer shastawebmail.com.
    230.169.10.69.in-addr.arpa domain name pointer vidalvineyard.com.

Looks like a spammer to me :) Luckily, Exim provides a way to match senders like this:

    defer   set acl_c_ptr_count = ${reduce {${lookup dnsdb{>: \
                      ptr=$sender_host_address}}} {0} {${eval:$value+1}}}
            condition = ${if >{$acl_c_ptr_count}{4}}
            message = Too many PTR records ($acl_c_ptr_count)

This matches any host with more than four PTR records. I based the reduce operation on the one in the manual. [http://www.exim.org/exim-html-current/doc/html/spec_html/ch11.html#SECTexpcond]

Although this is pretty ugly. I don't suppose anyone wants to implement a "count" operation to count the number of items in a list? Or would accept a patch for same?

Cheers, Chris.
--
_____ __ _
\ __/ / ,__(_)_ | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer |
\__/_/_/_//_/___/ | We are GNU : free your mind & your software |
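
Added example (not part of the original message, and not Exim code): a Python triage script that pulls client IPs out of the Exim main log using the log line quoted above, and applies the same more-than-four test to saved host(1) output. The function names, the threshold parameter and the sample lines marked as constructed are assumptions made for illustration.

```python
import re
from collections import Counter

# Exim main-log line, in the format quoted in the message above.
TRUNCATED = re.compile(r"^\S+ \S+ host name alias list truncated for (\S+)$")
# One PTR answer line as printed by host(1); ';;' notices do not match.
PTR_LINE = re.compile(r"^\S+\.(?:in-addr|ip6)\.arpa domain name pointer (\S+)\.$")

# Sample data: the first log line and the host output are quoted from the
# message; the remaining log lines are constructed for illustration.
SAMPLE_LOG = [
    "2009-06-27 21:14:58 host name alias list truncated for 69.10.169.230",
    "2009-06-27 21:15:02 1MKabc-0001aB-Cd <= a@example.org H=mx [192.0.2.7]",
    "2009-06-27 21:20:11 host name alias list truncated for 192.0.2.10",
    "2009-06-27 21:31:40 host name alias list truncated for 192.0.2.10",
]
SAMPLE_HOST_OUTPUT = """\
;; Truncated, retrying in TCP mode.
230.169.10.69.in-addr.arpa domain name pointer heavenlydonut.com.
230.169.10.69.in-addr.arpa domain name pointer pitrivertribe.org.
230.169.10.69.in-addr.arpa domain name pointer shastawebmail.com.
230.169.10.69.in-addr.arpa domain name pointer vidalvineyard.com.
"""


def truncated_hosts(log_lines):
    """Tally 'alias list truncated' events per client IP."""
    hits = Counter()
    for line in log_lines:
        m = TRUNCATED.match(line.strip())
        if m:
            hits[m.group(1)] += 1
    return hits


def ptr_names(host_output):
    """Return PTR targets from host(1) output, ignoring non-answer lines."""
    matches = (PTR_LINE.match(l.strip()) for l in host_output.splitlines())
    return [m.group(1).lower() for m in matches if m]


def exceeds_threshold(host_output, limit=4):
    """Same comparison as the ACL condition: more than `limit` PTR records."""
    return len(ptr_names(host_output)) > limit


if __name__ == "__main__":
    for ip, count in truncated_hosts(SAMPLE_LOG).most_common():
        print(f"{ip}: {count} truncation event(s)")
    print("PTR names parsed:", len(ptr_names(SAMPLE_HOST_OUTPUT)))
```

Because only "domain name pointer" lines are counted, the ";; Truncated, retrying in TCP mode." notice that host prints on the same stream does not inflate the total.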