Re: [Exim] disabling data acl checks depending on envelope t…

Top Page
Delete this message
Reply to this message
Author: Marc MERLIN
Date:  
To: Patrice Fournier
CC: Philip Hazel, exim-users
Subject: Re: [Exim] disabling data acl checks depending on envelope to
On Wed, Mar 06, 2002 at 07:16:00PM -0500, Patrice Fournier wrote:
> How about using warn in your rcpt ACL to add a custom header when
> sales@domain is one of the recipients (this header could even explain to
> the other users why this mail went through (that is if they do read the
> headers!)) and checking for that header in the data ACL? I've not tested
> this... so it may not work as expected...


Ok, so I owed an answer on that. I was having problems with it until I saw
that Philip fixed warn to show up in the DATA ACL (exim 4.03)

Quick version: works fine
Thanks to you for the suggestion and to Philip for making it work.

For the others, if you are curious, the relevant parts of my config look
like this

acl_check_rcpt:

# Accept if source is local SMTP (i.e. not over TCP/IP). We do this by
# testing for an empty sending host field.
accept hosts = :

  # This is to accept anything from localhost, and especially mailman which
  # chokes badly if you refuse its mail
  accept  hosts         = 127.0.0.1


  # Deny if the local part contains @ or % or / or | or !. These are rarely
  # found in genuine local parts, but are often tried by people looking to
  # circumvent relaying restrictions.
  deny    local_parts   = ^.*[@%!/|]


  warn     message       = X-WhitelistedRCPT-nohdrsyncheck: Yes
           local_parts   = +nohdrsyncheck


  warn     message       = X-WhitelistedRCPT-nohdrfromcallback: Yes
           local_parts   = +nohdrfromcallback


(...)


check_data:
  deny    !verify = header_syntax
         !condition = $header_X-WhitelistedRCPT-nohdrsyncheck:
          message = Syntax error in the headers of your message. Failed to parse


  deny    hosts = !+localadds:!+host_disable_callback:*
          #sender_domains = !+envdomain_disable_callback:*
         !condition = $header_X-WhitelistedRCPT-nohdrfromcallback:                       !condition = ${lookup{${domain:$header_from:}}lsearch{HDR_DOMAIN_DISABLE_CALLBACK}}
         !verify = header_sender/callout=90s
          message = Header sender couldn't be verified


--
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking


Home page: http://marc.merlins.org/ | Finger marc_f@??? for PGP key