On Mon, 30 Sep 2002, Rick Ennis wrote:
> All ACLs are run before any of the routers (correct me if I'm wrong there).
Well, not totally true. Routers are used for address verification, which
can be requested from an ACL.
> So there's no way to get the recipient user's actual login name (I'm
> thinking something like $local_part here) in the ACL, right? The glaring
> example I think of first is an alias address. If the recipient address is
> an alias, but the "redirect" router that does the substitution for the alias
> isn't run until later, the ACL wouldn't have any way of getting the real
> login name.
In the next release (not expected for some months) the value from
$address_data at the end of routing during verification will be
available back in the ACL. That might be one way of solving your
problem. However, a more traditional way of doing this would simply be
to arrange for the recipient verification to fail, with a router like
this:
special:
driver = redirect
check_local_user
verify_only
verify_sender = false
condition = ${lookup{$sender_address_domain}lsearch\
{/home/$local_part/..}{yes}{no}}
allow_fail
data = :fail: get lost
... or something along those lines. That's just a sketch outline. Of
course, you'd place that _after_ the aliasing router.
> The reason I ask is because I want to do a file lookup in the user's home
> directory in the ACL. Something like...
>
> deny !sender_domains = /home/$local_part/no-verify-domains
> !verify = sender/callout
>
> Is there any variable I can use in place of $local_part that would work
> there?
No.
And remember, Exim is running as "exim" at ACL time. You would have
to ensure that the file in the user's home directory was readable by
exim for that to work (and indeed also for my router suggestion to
work).
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.