[exim] acl + conditions

Top Page
Delete this message
Reply to this message
Author: Malte Geierhos
Date:  
To: Lista Exim
Subject: [exim] acl + conditions
hi again,

i want to implement user - definable black / whitelists
hm i looked around and found that i can use acl.
But perhaps my brains are frosted and i should use a router...
however, it doesn't work as expected, but mostly because the acl's i've
written are never reached as i saw in debug output, hm before i try to
configure an impossible thing, i'd like to ask you if i'm right...
sorry for the mailbox bloating..:-)

defined lists:

domainlist     whitelist_domains = ${lookup mysql {select acpt_domain from
whitelist where rcpt_address="${local_part}@${domain}"}fail}
addresslist    whitelist_sender  = ${lookup mysql {select acpt_address from
whitelist where rcpt_address="${local_part}@${domain}"}fail}
domainlist     blacklist_domains = ${lookup mysql {select deny_domain from
blacklist where rcpt_address="${local_part}@${domain}"}}
hostlist       blacklist_hosts   = ${lookup mysql {select deny_host from
blacklist where rcpt_address="${local_part}@${domain}"}}
addresslist    blacklist_sender  = ${lookup mysql {select deny_address from
blacklist where rcpt_address="${local_part}@${domain}"}}
addresslist    blacklist_regex      = ${lookup mysql {select deny_regex from
blacklist where rcpt_address="${local_part}@${domain}"}}



...

begin acl

acl_check_rcpt:
   accept  hosts = :
   deny    local_parts   = ^.*[@%!/|] : ^\\.
   accept  local_parts   = postmaster
           domains       = +local_domains
   require verify        = sender
   accept  domains       = +local_domains
           endpass
           message       = unknown user
           verify        = recipient
   accept  domains       = +relay_to_domains
           endpass
           message       = unrouteable address
           verify        = recipient
   deny    message       = rejected because $sender_host_address is in a
black list at $dnslist_domain\n$dnslist_text
           dnslists      = relays.ordb.org : sbl.spamhaus.org


   #Blacklisting Senders and Sender Domains or Sender Hosts...based on
our users demand...
   deny       sender_domains= +blacklist_domains
         condition    = ${if eq {}{${lookup mysql {select block from users
where address='${quote_mysql:${local_part}@${domain}}' and
block='blacklist' }}}{no}{yes}}
         message     = ${lookup mysql {select deny_message from blacklist
where deny_domain='${quote_mysql:${sender_address_domain}}' and address
='${quote_mysql:${local_part}@${domain}}'}{$value}}
   deny    hosts        = +blacklist_hosts
         condition    = ${if eq {}{${lookup mysql {select block from users
where address='${quote_mysql:${local_part}@${domain}}' and
block='blacklist' }}}{no}{yes}}
      message    = Host $sender_host_address is blocked: ${lookup mysql
{select deny_message from blacklist where
deny_host='${quote_mysql:${$sender_host_address}}' and address
='${quote_mysql:${local_part}@${domain}}'}{$value}{"unspecified reason"}}
   deny    senders    = +blacklist_sender
         condition    = ${if eq {}{${lookup mysql {select block from users
where address='${quote_mysql:${local_part}@${domain}}' and
block='blacklist' }}}{no}{yes}}
         message    = Sender $sender_address is blocked: ${lookup mysql
{select deny_message from blacklist where
deny_host='${quote_mysql:${$sender_address}}' and address
='${quote_mysql:${local_part}@${domain}}'}{$value}{"unspecified reason"}}
   deny       senders    = +blacklist_regex
         condition    = ${if eq {}{${lookup mysql {select block from users
where address='${quote_mysql:${local_part}@${domain}}' and
block='blacklist' }}}{no}{yes}}
         message    = Sender $sender_address is blocked: matches USER
defined Regex


   #User definable whitelist Senders, Domains
   accept  sender_domains= +whitelist_domains
         condition    = ${if eq {}{${lookup mysql {select block from users
where address='${quote_mysql:${local_part}@${domain}}' and
block='whitelist' }}}{no}{yes}}


   accept  hosts         = +relay_from_hosts
   accept  authenticated = *
   deny    message       = relay not permitted



greets malte