On 06 September 2002, Philip Hazel said:
> The RCPT ACL doesn't reject messages; it rejects addresses. If all
> addresses are rejected, the server doesn't even get to see the contents
> of the message.
Right. I think I have figured out a nicer way to do this; it involves
turning "deny" ACL statements into "warn", and then later checking for
the header added by the warning.
For example, the first statement in my RCPT ACL is this:
# If the sender address or domain is listed in spammer-*.cdb,
# reject all recipients.
deny senders = @@cdb;/etc/exim/spammer-domains.cdb : \
cdb;/etc/exim/spammer-addrs.cdb
message = message from known spammer rejected
In my alternative RCPT ACL -- to be used when I want to save all
rejected mail -- I use this instead:
warn senders = @@cdb;/etc/exim/spammer-domains.cdb : \
cdb;/etc/exim/spammer-addrs.cdb
message = X-reject: known-spammer; \
message from known spammer rejected
Then, my local_scan() function will look for an X-reject header. If
there, it will 1) save the message to .../known-spammer (folder name
taken from the header), and 2) return LOCAL_SCAN_REJECT with the message
"message from known spammer rejected" (also from the header).
I still have to do a fair amount of cut-n-paste coding, but at least now
it's all still in the Exim config file. Some ACL statements are trivial
to recode in Python -- eg. checking for 8-bit junk in the subject
header. But I have no desire to rewrite header syntax verification; I'm
sure it could be done, but exactly emulating Exim's behaviour is waaaay
more trouble than it's worth.
> The DATA ACL does have the message available while it is running. I
> guess you could use the ${run expansion item to sneak a copy of the -D
> file (which does exist at that point). The headers are only in main
> memory - but you can see them using $message_headers. Essentially this
> is the same trick as using local_scan().
Ooh, what an evil idea. I think looking for X-reject in local_scan() is
probably cleaner. Will keep this trick up my sleeve if I need it
though!
Greg
--
Greg Ward <gward@???> http://www.gerg.ca/
Well, I didn't expect a sort of Spanish Inquisition!