Re: [Exim] (no subject)

Author: Philip Hazel
Date:  
To: Andreas Heinlein
CC: exim-users
Subject: Re: [Exim] (no subject)
On Thu, 15 Mar 2001, Andreas Heinlein wrote:

> 1. Exim requires SMTP authentication, so we have a $authenticated_id for
> later use


I presume from this, that *all* the messages you are interested in
controlling are coming in over SMTP, and are authenticated.

> 2. Certain (authenticated) users may send only to local recipients
> 3. Certain users may send everywhere
> 4. Certain users may send mail locally *and* to certain non-local recipients
> specified in a database/file, on a per-user basis


Set up a router and a director, first in each list, restricted to run
only when $authenticated_id is relevant, by means of the "condition"
option. Now you know they are handling only messages from your users.

The director should check for forbidden addresses by means of a suitable
"condition", and be a smartuser, with new_address = :fail: Not allowed.

The router is trickier because it cannot generate a :fail:
unfortunately. However, you can make it a domainlist that routes to
the local host and set self=fail, which isn't as nice.

In Exim 4, where routers and directors are amalgamated, you'll only need
one router and it will all be much cleaner.

> I believe I need to set up some "condition" on the appropriate routers, but
> what would it look like?


That rather depends on how you maintain the data. One file per sender
seems a bit gross, but would be the easiest.

condition = \
${lookup{$local_part@$domain}lsearch{/allowed/for/$authenticated_id}\
{yes}{no}}

Of course, I've specified two conditions. You'll have to amalgamate them
using the "and" condition.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
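
The combined "and" condition described in the message above can be modelled offline to check per-sender allow files before they go into a configuration. This is an added Python example, not code from the original post or from Exim. The local domain set, the list of unrestricted users, the user names and the fail-closed check on the id (added because the id becomes part of a file path) are assumptions made for the illustration.

```python
import os
import re
import tempfile

LOCAL_DOMAINS = {"example.org"}   # assumption: domains handled locally
UNRESTRICTED = {"alice"}          # assumption: users who may send everywhere
SAFE_ID = re.compile(r"[A-Za-z0-9_-][A-Za-z0-9._-]*")  # plain file name only

def lsearch(path, key):
    """True if a line's key equals `key` (lsearch style: key ends at colon or whitespace)."""
    try:
        with open(path, encoding="utf-8") as fh:
            for line in fh:
                if not line.strip() or line[0].isspace() or line.startswith("#"):
                    continue  # blank, continuation or comment line
                if re.split(r"[:\s]", line, maxsplit=1)[0].lower() == key.lower():
                    return True
    except FileNotFoundError:
        pass  # no file for this sender: nothing non-local is allowed
    return False

def is_forbidden(auth_id, recipient, allow_dir):
    """Both conditions combined: sender is one we control AND recipient is not allowed."""
    if not auth_id or auth_id in UNRESTRICTED:
        return False                      # restriction does not apply
    domain = recipient.rsplit("@", 1)[-1].lower()
    if domain in LOCAL_DOMAINS:
        return False                      # every user may send locally
    if not SAFE_ID.fullmatch(auth_id):
        return True                       # id is used in a path: fail closed
    return not lsearch(os.path.join(allow_dir, auth_id), recipient)

def demo():
    """Run the check against a constructed allow file for the made-up user 'bob'."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "bob"), "w", encoding="utf-8") as fh:
            fh.write("# constructed sample data\npartner@example.net: ok\n")
        cases = [("alice", "x@example.com"), ("bob", "Partner@example.net"),
                 ("bob", "x@example.com"), ("carol", "y@example.org"),
                 ("carol", "partner@example.net"), ("../bob", "partner@example.net")]
        return [is_forbidden(u, r, d) for u, r in cases]

if __name__ == "__main__":
    print(demo())
```

A user with no allow file, such as the made-up "carol", ends up as a local-only sender, which covers the second class of users in the question.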