Re: [Exim] ACL's RULE!

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Dave C.
Date:  
À: Juha Saarinen
CC: exim-users@exim.org
Sujet: Re: [Exim] ACL's RULE!
On Tue, 11 Jun 2002, Juha Saarinen wrote:

> On Mon, 10 Jun 2002, Dave C. wrote:
>
> >  # All hotmail.com mail should have this header
> >    deny          sender_domains  = hotmail.com
> >                  message         = X-Forgery: NOT HOTMAIL
> >                  condition       = ${if def:header_X-Originating-IP:{no}{yes}}

> >
> >  # All aol.com mail should have this header
> >    deny          sender_domains  = aol.com
> >                  message         = X-Forgery: NOT AOL MAILER
> >                  condition       = ${if match {$h_X-Mailer:}{.*[Aa][Oo][Ll].*} {no}{yes}}

> >
> >  # All aol.com mail should have a matching received header
> >    deny          sender_domains  = aol.com
> >                  message         = X-Forgery: NOT AOL SERVER
> >                  condition       = ${if match {$h_Received:}{.*by.*[Aa][Oo][Ll]\.[Cc][Oo][Mm].*}{no}{yes}}

> >
> > # All yahoo.com mail will have either
> > # "...yahoo.com via HTTP "
> > # *OR*
> > # "...yahoo.com with NNFMP"
> >
> >    deny          sender_domains  = yahoo.com
> >                  message         = X-Forgery: NOT YAHOO SERVER
> >                  condition       = ${if match {$h_Received:}{yahoo.com.via.HTTP}{no}{yes}}
> >                  condition       = ${if match {$h_Received:}{yahoo.com.with.NNFMP}{no}{yes}}

>
> Dave, I've not quite figured out how Exim processes ACLs, so would you
> mind posting the full acl_smtp_data acl that you use? What I'm not sure
> about is how to set up the "accept" conditions.
>


I just have an unconditional accept at the end in mine after all the
deny items.

Here is a short sweet summary:

exim processes the items listed in an ACL in order.

deny :
if all items are true, stop acl processing, return deny
if any item is false, continue

require :
if all items are true, continue to next item
if any item is false, stop processing, return deny

accept :
if all items are true, stop acl processing, return accept

warn
if all items are true, add "message" as a header, continue to next item


If the end of the acl is reached without a satisfied accept, the default
is to deny

Require and deny do almost the same thing, with the logic inverted.

Read section 37 of the specfile for more detail.