On Wed, Aug 27, 2003 at 04:05:01PM +0100, Jez Hancock wrote:
> On Wed, Aug 27, 2003 at 02:31:18PM +0100, gARetH baBB wrote:
> > On Wed, 27 Aug 2003, Jez Hancock wrote:
> >
> > > The callout line was:
> > > require verify = sender/defer_ok/callout=10s
> >
> > Yes, but where - context is everything.
> >
> > > All working ok now:
> >
> > All I can say is that if you have *really* got just "accept sender_domains
> > = x" and tinysoftware.com in that whitelist than I - or anyone - can now
> > relay through your machine as long as we use a sender of
> > x@???. I hope you realise this.
> I had overlooked that, thanks for pointing it out. :(
>
> Struggling with this. Essentially the logic I'm after is:
>
> if sender_domains is in +whitelist_from_domains
> require verify = sender
> else
> require verify = sender/defer_ok/callout=10s
> endif
>
> and checking continues in the next ACL statement but I'm not sure how to
> implement this.
Ok I've ended up with this which appears to work as required:
# Deny unless the sender address can be verified via callout:
require verify = sender\
${lookup{$sender_address_domain}lsearch{WHITELIST_DOMAINS_FILE}\
{}\
{/callout=10s/defer_ok}\
}
Is this the best way to see if $sender_address_domain is in my
WHITELIST_DOMAINS_FILE or is there an easier way of doing this?
--
Jez
http://www.munk.nu/
