Re: [Exim] How to require verification of sender conditional…

Góra strony
Wiadomość jest częścią wątku:
Mpełne drzewo wątku posortowane wg daty
M\Eli at <-
MMPhilip Hazel at ->
Delete this message
Reply to this message
Autor: Wakko Warner
Data:  
Dla: Eli
CC: exim-users
Temat: Re: [Exim] How to require verification of sender conditionally in ACL?
> Currently, I just unconditionally verify the sender (as per default config
> file) in my ACL (over my knee) like so:
>
>         require verify          = sender

>
> The problem is that for users who are authenticated (my users), I would like
> them to be able to specify email addresses that I don't want to verify (save
> some resources possibly?) - at least right now I'm thinking I don't (either
> way it doesn't matter - I track their $authenticated_id in the email) :)
>
> I thought that I could add a check for "!authenticated = *", but that failed
> and I realized why after re-reading what "require" does (all conditions must
> be true - so it failed when I authenticated). Now I'm not sure what to do,
> since I can't move my sender verification step after my "accept" policy for
> authenticated users, and I see no way to have a condition set on the require
> that will allow it to skip the require.

Just one reason I don't like the "require" verb.

> I thought then maybe I could do:
>
>         accept  !authenticated  = *
>                 endpass
>                 verify          = sender

>
> In replace of the "require" check, however that won't work since if you
> aren't authenticated, and the sender DOES verify, then it accepts rather
> than passing on to the next statement. I guess what I need is like that,
> except rather than accepting, I need it to pass on (as well as to pass on if
> the initial condition isn't true, i.e. I'm authenticated).

Doesn't seem like a good idea to me. You basically stop processing there if
the user is not authenticated. It will either fail verification or send
bounces to people when the recipient can't be reached. It ALSO MAKES YOU AN
OPEN RELAY (If you're checking in RCPT acl)!

> So far, my only solution is to do up a new ACL for acl_smtp_mail:
>
> acl_check_mail:
>         accept  !authenticated  = *
>                 endpass
>                 verify          = sender

>
> Works great, except I'm wondering if doing the sender verification at MAIL
> time will come back to bite me later? If it will, are there any ways of
> doing what I need at RCPT time?

I've always felt verifying senders in MAIL acl is a bad idea. Not sure why
though. 

Use this:
    deny    !authenticated = *
        !verify = sender


--
Lab tests show that use of micro$oft causes cancer in lab animals


Wiadomość została wysłana do następujących list mailowych:
Exim-users
Informacja o liście mailowej | Najbliższe wiadomości		<-Re: [Exim] Unable to send additional 250 lines at EHLO/HELO time (via HELO ACL)Re: [Exim] Exim 4.30 on IRIX 6.5.19m: conflicting types for `inet_ntoa'->
Tahini and Hummus and Cumin Development Archives administrowana przez cumin AdminsLurker (wersja 2.3)