> >At this time I do not see the need (or use) to implement my limits in the
> >DATA ACL as well - as suggested on the list.
>
> You do not know the $message_size while running through the data-acl,
> this is an extension for SMTP, that allows the sending server to say
> "Well, I've 10M of data for you, tell me NOW if you don't want them"
>
> But the sending server does not need to send it. So, the $message_size
> CAN be know when your acl_smtp_rcpt runs, but in some cases you don't
> know it before your data-acl. FURTHER, the sending server can lie about
> the size (I don't know how exim reacts in this case). That means, the
> sender says "I've 1000 bytes for you, do you want them?" - Your server
> answers "Well, 1000 bytes, no problem, I'll take them" - the sender gets
> a big evil grin on his face, and sends you 20 MB now, and you'll NOT
> know the size before the sender finished, and your data-acl starts.
>
> Does this make clear why you have to check it in your data_acl too?
I was going to do something like this, but instead of doing it in ACLs, I
was going to do it in the routers because the data acl is ran once per
message (right? =). I am setting up message size limits (inbound) for users
and checking in the routers seems to be the best solution.
Of course the message at this time is already accepted.
Nico van der Dussen, I used a different approach in my rcpt acl for size
limiting. The tells the sending MTA what the size limitation is.
Here's what I did:
deny set acl_m9 = ${lookup mysql{select max_in_email_size from \
table where enabled='yes' and \
email='$local_part' limit 1} \
{$value} \
fail \
}
message = Maximum message sizs of $acl_m9 exceeded.
condition = ${if >{$message_size}{$acl_m9}{true}{false}}
The fail in the lookup causes this acl to fail and go to the next one. This
way, if the lookup fails, it won't be checking the message size against 0
