[Exim] How to require verification of sender conditionally i…

Top Page
Delete this message
Reply to this message
Author: Eli
Date:  
To: exim-users
Subject: [Exim] How to require verification of sender conditionally in ACL?
I just came across something I'm not sure is do-able (if it is, I don't see
how... Then again it is 3:30am).

I would like to require sender verification in my RCPT ACL, however I only
want to do it if the person isn't authenticated.

Currently, I just unconditionally verify the sender (as per default config
file) in my ACL (over my knee) like so:

        require verify          = sender


The problem is that for users who are authenticated (my users), I would like
them to be able to specify email addresses that I don't want to verify (save
some resources possibly?) - at least right now I'm thinking I don't (either
way it doesn't matter - I track their $authenticated_id in the email) :)

I thought that I could add a check for "!authenticated = *", but that failed
and I realized why after re-reading what "require" does (all conditions must
be true - so it failed when I authenticated). Now I'm not sure what to do,
since I can't move my sender verification step after my "accept" policy for
authenticated users, and I see no way to have a condition set on the require
that will allow it to skip the require.

I thought then maybe I could do:

        accept  !authenticated  = *
                endpass
                verify          = sender


In replace of the "require" check, however that won't work since if you
aren't authenticated, and the sender DOES verify, then it accepts rather
than passing on to the next statement. I guess what I need is like that,
except rather than accepting, I need it to pass on (as well as to pass on if
the initial condition isn't true, i.e. I'm authenticated).

So far, my only solution is to do up a new ACL for acl_smtp_mail:

acl_check_mail:
        accept  !authenticated  = *
                endpass
                verify          = sender


Works great, except I'm wondering if doing the sender verification at MAIL
time will come back to bite me later? If it will, are there any ways of
doing what I need at RCPT time?

Thanks in advance,

Eli.


---
[This E-mail scanned for viruses]