Re: [Exim] No verify sender callout for whitelisted hosts

Top Page
Delete this message
Reply to this message
Author: Jez Hancock
Date:  
To: Exim Users List
Subject: Re: [Exim] No verify sender callout for whitelisted hosts
On Wed, Aug 27, 2003 at 04:05:01PM +0100, Jez Hancock wrote:
> On Wed, Aug 27, 2003 at 02:31:18PM +0100, gARetH baBB wrote:
> > On Wed, 27 Aug 2003, Jez Hancock wrote:
> >
> > > The callout line was:
> > >   require verify        = sender/defer_ok/callout=10s

> >
> > Yes, but where - context is everything.
> >
> > > All working ok now:
> >
> > All I can say is that if you have *really* got just "accept sender_domains
> > = x" and tinysoftware.com in that whitelist than I - or anyone - can now
> > relay through your machine as long as we use a sender of
> > x@???. I hope you realise this.
> I had overlooked that, thanks for pointing it out. :(
>
> Struggling with this. Essentially the logic I'm after is:
>
> if sender_domains is in +whitelist_from_domains
>     require verify = sender
> else
>     require verify = sender/defer_ok/callout=10s
> endif

>
> and checking continues in the next ACL statement but I'm not sure how to
> implement this.

Ok I've ended up with this which appears to work as required:

  # Deny unless the sender address can be verified via callout:
  require verify        = sender\
          ${lookup{$sender_address_domain}lsearch{WHITELIST_DOMAINS_FILE}\
              {}\
              {/callout=10s/defer_ok}\
          }


Is this the best way to see if $sender_address_domain is in my
WHITELIST_DOMAINS_FILE or is there an easier way of doing this?

--
Jez

http://www.munk.nu/