Hi,
I'm troubleshooting an acl and having an issue using exim -bh. Here's
the command line:
exim -d+acl -bh 100.10.10.10.587 -oMai [email protected]
Here's the acl that's failing (not the one I'm trying to troubleshoot):
acl_check_connect:
deny message = Connection not allowed for IP address
$sender_host_address - contact IT Services for assistance
hosts = +deny_from_hosts
warn hosts = +accept_from_mua_hosts : +accept_from_mta_hosts
control = allow_auth_unadvertised
accept condition = ${if ={$interface_port}{587}}
accept hosts = +relay_from_hosts
condition = ${if ={$interface_port}{25}}
deny message = Connection not allowed for IP address
$sender_host_address - contact IT Services for assistance
And here's the edited result:
using ACL "acl_check_connect"
processing "deny" (/etc/exim/exim.conf 150)
message: Connection not allowed for IP address $sender_host_address -
contact IT Services for assistance
check hosts = +deny_from_hosts
host in "+deny_from_hosts"?
list element: +deny_from_hosts
start sublist deny_from_hosts
host in "/etc/exim/denied_hosts"?
╎list element: /etc/exim/denied_hosts
host in "/etc/exim/denied_hosts"? no (end of list)
end sublist deny_from_hosts
host in "+deny_from_hosts"? no (end of list)
deny: condition test failed in ACL "acl_check_connect"
processing "warn" (/etc/exim/exim.conf 153)
check hosts = +accept_from_mua_hosts : +accept_from_mta_hosts
host in "+accept_from_mua_hosts : +accept_from_mta_hosts"?
list element: +accept_from_mua_hosts
start sublist accept_from_mua_hosts
host in "/etc/exim/allowed_mua_hosts"?
╎list element: /etc/exim/allowed_mua_hosts
host in "/etc/exim/allowed_mua_hosts"? no (end of list)
end sublist accept_from_mua_hosts
list element: +accept_from_mta_hosts
start sublist accept_from_mta_hosts
host in "/etc/exim/allowed_mta_hosts"?
╎list element: /etc/exim/allowed_mta_hosts
host in "/etc/exim/allowed_mta_hosts"? no (end of list)
end sublist accept_from_mta_hosts
host in "+accept_from_mua_hosts : +accept_from_mta_hosts"? no (end of list)
warn: condition test failed in ACL "acl_check_connect"
processing "accept" (/etc/exim/exim.conf 156)
check condition = ${if ={$interface_port}{587}}
=
accept: condition test failed in ACL "acl_check_connect"
processing "accept" (/etc/exim/exim.conf 158)
check hosts = +relay_from_hosts
host in "+relay_from_hosts"?
list element: +relay_from_hosts
start sublist relay_from_hosts
host in "localhost : +accept_from_mua_hosts : +accept_from_mta_hosts"?
╎list element: localhost
duplicate IP address 127.0.0.1 (MX=-1) removed
gethostbyname2 looked up these IP addresses:
name=localhost address=::1
name=localhost address=127.0.0.1
╎list element: +accept_from_mua_hosts
╎ start sublist accept_from_mua_hosts
╎cached no match for +accept_from_mua_hosts
╎cached lookup data = NULL
╎list element: +accept_from_mta_hosts
╎ start sublist accept_from_mta_hosts
╎cached no match for +accept_from_mta_hosts
╎cached lookup data = NULL
host in "localhost : +accept_from_mua_hosts : +accept_from_mta_hosts"?
no (end of list)
end sublist relay_from_hosts
host in "+relay_from_hosts"? no (end of list)
accept: condition test failed in ACL "acl_check_connect"
processing "deny" (/etc/exim/exim.conf 161)
message: Connection not allowed for IP address $sender_host_address -
contact IT Services for assistance
deny: condition test succeeded in ACL "acl_check_connect"
end of ACL "acl_check_connect": DENY
SMTP>> 550-Connection not allowed for IP address 100.10.10.10 - contact IT
Services
It appears to me this is failing because exim believes the submission
is on port 25, even though I've specified port 587 on the command line.
Am I missing something?
Thanks,
John A
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## [email protected]
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
