Re: [Exim] $local_part equivilent in an ACL

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Rick Ennis
Dátum:  
Címzett: Philip Hazel
CC: exim-users
Tárgy: Re: [Exim] $local_part equivilent in an ACL
Thanks for the suggestion Philip. Since I'm trying to decide whether or not
to do a "verify=sender/callout" on a message (based on the contents of a
file in the recipient's home directory), I think I may end up waiting for
that far off new option. It sounds like it would be possible with the
router solution, but very messy.

I'd have to have a verification router do the lookup in the file from their
home directory and then get that success/failure result back to
the ACL to determine whether or not to do the callout. But I wouldn't be
able to use the basic success/failure of the router itself (for the callout
decision) because I'd need that to determine if the recipient address is
actually valid. ....hey, there isn't a way to call "verify = recipient"
from an ACL and specify which router to start with, is there? Then I could
do two verifications of the recipient address. The first could return to
the ACL the validity of the address. The second could tell me about the
contents of the file and whether or not to verify the sender. But I don't
think that's an option.


----- Original Message -----
From: "Philip Hazel" <ph10@???>
To: "Rick Ennis" <rge1@???>
Cc: <exim-users@???>
Sent: Tuesday, October 01, 2002 6:16 AM
Subject: Re: [Exim] $local_part equivilent in an ACL


> On Mon, 30 Sep 2002, Rick Ennis wrote:
>
> > All ACLs are run before any of the routers (correct me if I'm wrong

there).
>
> Well, not totally true. Routers are used for address verification, which
> can be requested from an ACL.
>
> > So there's no way to get the recipient user's actual login name (I'm
> > thinking something like $local_part here) in the ACL, right? The

glaring
> > example I think of first is an alias address. If the recipient address

is
> > an alias, but the "redirect" router that does the substitution for the

alias
> > isn't run until later, the ACL wouldn't have any way of getting the real
> > login name.
>
> In the next release (not expected for some months) the value from
> $address_data at the end of routing during verification will be
> available back in the ACL. That might be one way of solving your
> problem. However, a more traditional way of doing this would simply be
> to arrange for the recipient verification to fail, with a router like
> this:
>
> special:
>   driver = redirect
>   check_local_user
>   verify_only
>   verify_sender = false
>   condition = ${lookup{$sender_address_domain}lsearch\
>                {/home/$local_part/..}{yes}{no}}
>   allow_fail
>   data = :fail: get lost

>
> ... or something along those lines. That's just a sketch outline. Of
> course, you'd place that _after_ the aliasing router.
>
> > The reason I ask is because I want to do a file lookup in the user's

home
> > directory in the ACL. Something like...
> >
> > deny  !sender_domains = /home/$local_part/no-verify-domains
> >          !verify = sender/callout

> >
> > Is there any variable I can use in place of $local_part that would work
> > there?
>
> No.
>
> And remember, Exim is running as "exim" at ACL time. You would have
> to ensure that the file in the user's home directory was readable by
> exim for that to work (and indeed also for my router suggestion to
> work).
>
>
> --
> Philip Hazel            University of Cambridge Computing Service,
> ph10@???      Cambridge, England. Phone: +44 1223 334714.

>
>
>