[Exim] ORing multiple ACLs & verify sender/callout

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Rick Ennis
Dátum:  
Címzett: exim-users
Tárgy: [Exim] ORing multiple ACLs & verify sender/callout
Hi all. After reading some of the recent posts about "verify =
sender/callout" I decided to start playing with it. Now I'm left with two
questions that are really giving me the runaround. Maybe someone could
point me in the right direction...

(1). Is there a standard or preferred way of doing sender/callout?
Specifically, between these two approaches:
require verify = sender/callout
require verify = header_sender/callout

I understand what each of them does (envelope vs. header) --and that one
has to be used after the DATA section. But depending on which I use
(either way), at least some of my mailing lists start getting blocked. And
while I can't guarantee that all the lists I'm subscribed to are "doing the
right thing," I certainly don't want to start losing mail.

(2). The second question is my attempt to deal with the first. Whether or
not it's the right way (is it?) I'm still curious how to do this. What I'm
thinking is to setup two ACLs, both executing after DATA reception. One
does each of the two verifies and then I *OR* the ACLs. That way if either
succeeds I accept the message.

Looking through some old postings I found a discussion with this example
(which I believe was from before exim4's actual release):

>     local_acl:
>       accept recipient = +local_domains : verify : verify_sender
>     relay_acl:
>       accept recipient = +relay_domains
>       accept authenticated

>
> The colons in individual ACLs are interpreted as `and'. The ACLs are
> used by being referred to from options in other parts of the
> configuration. For incoming messages, the accept_recipient option lists
> the ACLs to apply to the arguments of RCPT commands. For example,
>
>     accept_recipient = local_acl : relay_acl

>
> The colons in these lists are interpreted as `or'. In this example, the
> recipient is accepted if either of the two ACLs accepts it. ACLs can
> also be referred to from other ACLs. (There will a check to prevent
> looping.)



So I tried something similar in my config. Here's my failed attempt to OR
a header and envelope test:

acl_smtp_data = check_message_envelope : check_message_headers

check_message_envelope:
require verify = sender/callout
accept

check_message_headers:
require verify = header_sender/callout
accept

According to the spec, acl_smtp_data is a string, not a list. So I guess
that explains why my approach failed. Is there an easy way to do this that
I'm missing? I did see a reference to the "acl = " directive, but had
trouble finding any examples that used it. Is that what I need?

Thanks!

--
Rick Ennis
ennis@???