On 1 Feb 2000, Lorens Kockum wrote:
> 2) per-domain, per-user, and per-alias incoming mail filtering on
> remote IP, MAIL FROM, RCPT TO, which would reject before DATA
> (hmmm... size and things like that in an ESMTP session would
> probably be good too, though I wouldn't have the use for it
> myself)
Exim can do that.
>
> 3) per-domain, per-user, and per-alias incoming mail filtering on
> message DATA, which would reject after the <CRLF>.<CRLF>
Exim cannot do that. All it can do is check the syntax of header lines
that contain addresses, and ensure that there is a valid sender in one
of them. It can only filter on message content at the start of a
delivery, i.e. after it has received the message.
> (Does
> this happen often enough for one to be able to expect X.Random
> MTA to handle it correctly?
It is certainly the case that some MTAs treat any error after CRLF.CRLF
as a temporary error. See various comments in the Exim manual.
> There might be a problem in that
> the only permitted error codes are for transaction error and
> storage exceeded, but well. I can uphold that storage space on
> my system is 0 for spam :-)) If multiple RCPT, then reject
> after DATA if all the RCPTs reject in the same way!
>
> Basically what I want is to be able to execute code after RCPT
> and after the message DATA, which would specify the action to be
> taken.
If you turn verification on, you can in effect "execute code" after
RCPT. Indeed, you could get a Perl script run via the embedded Perl
facility. Of course, the more you execute, the longer it holds down the
SMTP connection, which might matter on a busy system. However, there is
no facility for doing this after DATA.
> At RCPT:
>
> if the RCPT is postmaster or abuse, the RCPT is accepted.
recipients_reject_except = postmaster : abuse
> if the originating IP is in the RBL or the DUL, the mail
> is rejected with a permanent error.
Set approprite RBL options. The rejection is done by rejecting every
RCPT command.
> if the RCPT matches a certain regexp A, and the MAIL FROM
> matches another regexp, the RCPT TO is rejected with a
> permanent error.
Set receiver_verify, and supply a suitable director (assuming we are
talking about a local domain) for verification only, that does the test.
Something like
xxx:
driver = smartuser
domains = the.dom.ain
local_parts = ^regex
senders = ^regex
verify_only
no_more
new_address = :fail: I don't like you
> if the RCPT matches a certain regexp B, and the same SMTP
> session has already made other RCPTs also matching B, the
> RCPT TO is rejected, and all subsequent RCPTs and the DATA
> are rejected.
Cannot do. Each recipient is treated independently. (Unless, I suppose,
you make a director call Perl and get it to create a file per process in
which it stuffs/reads data. But when do you delete the file? Far too
expensive and error-prone. I would not like to try it.)
> if the RCPT matches a certain regexp C, and the same SMTP
> session has already made other RCPTs matching a regexp D,
> that RCPT TO is rejected with a temporary error.
Ditto.
> After the <CR><LF>.<CR><LF> terminating the DATA:
>
> For each RCPT, execute appropriate code.
This cannot be done. It *can* be done as part of the delivery process,
after the message has been accepted.
> Is this feasible with Exim? With a bit of hacking maybe? Or
> just some of it?
Some of it.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
