Re: [Exim] Creating a message for delivery based off of an a…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MEli at <-
M+\Wakko Warner at ->
Delete this message
Reply to this message
Author: Wakko Warner
Date:  
To: Eli
CC: exim-users
Subject: Re: [Exim] Creating a message for delivery based off of an action in an ACL
> For that reason I was hoping I could skip having to parse log files, and
> just have data like that inserted on the fly as exim sees it come in.
>
> >Remember you can say what is true or false. Or in this case, true true.
>
> Doh! I totally didn't think of that! I'll give it a shot... Now just to
> see if it's possible to have multiple condition = statements in a line
> (incase I need to do multiple inserts or what have you) :)

You can do this from exim already and a database server (mysql or
postgresql). I log things about the sender (IP, hostname, ident, email
address) recipient (email, if it was blocked and why) and what would have
blocked the message (informational only, checks for a few countries, isps,
about 8 rbls). the message ID and date/time are on each table. I make a
bogus message id (tmp-${md5sum of time/date/ip/connection/pid/etc}) and
change it to the real ID in the data phase (if it gets there).

> -----Original Message-----
> From: exim-users-admin@??? [mailto:exim-users-admin@exim.org] On Behalf
> Of Kevin Reed
> Sent: Thursday, January 15, 2004 12:14 AM
> To: exim-users@???
> Subject: RE: [Exim] Creating a message for delivery based off of an action
> in an ACL
>
> Eli said:
> >>DENY is the correct thing to do or Discard... but bounce...
> >
> > ... I want to deny the message and send an email to MY users (the
> > recipients; obviously not faked, since my mail server received the
> > message!) telling them that they were SENT a virus.
>
> Not too far in the distant past there was a huge flurry of faked
> sender/receiver spam/virus messages who's intent appeared to be simply to
> clog up the mail system... do you really want your users to get notified
> of everything your mail system blocks even if they where from bogus
> sources which you have no real way of knowing?
>
> Many are still getting tons of these.
>
> However, I think a lot of people don't realize how much data is in the
> exim log files...
>
> A perhaps better idea would be to make available to your users the data of
> what was blocked not via email but via another means.
>
> I just implemented a system where the failed messages (parsed from system
> logs) are collected daily and stored in a small database. The users can
> now via an internal web page, query their email address and see what was
> denied being sent to them.
>
> Since the logs contain the host, apparent From user, Subject ,date time...
> it makes it easy for a user to see if they have real mail arriving that is
> being blocked by accident. They can then inform the help desk of who the
> sender is and a temporary whitelist can take place or a correction to the
> senders problem can be resolved.
>
> While it doesn't get them the failed message, it takes the burden off the
> Help Desk when people thing they are having mail for them blocked.
>
> This way the user doesn't get tons of messages telling them what they
> didn't get most of which they don't want to know anyway and they can look
> for the info if they need it.
>
> >>You can easily do this and the other things you asking for below with a
> >>system filter
> >
> > Hrm, I remember checking up on filter syntax, and it seemed to be much
> > more limited than what I could do in ACLs (but maybe I should check
> > again...).
>
> Exim is very flexible... sometimes you have to think outside the box...
>
> While the filter is not the ACL... In your ACL you can set a special
> header as as flag... in the system filter look for the flag and act on it
> removing the flag afterwards..
>
> There are other solutons too as I'm sure we will hear.
>
> >>condition = ${run ...
> >
> > I'm not sure how condition = would work if I issued an SQL INSERT command
> > -
> > would it consider it true, or false? Besides, I want the outcome to have
> > *no* bearing on what is going to be done. I just want my command (really
> > an SQL query, so run doesn't work for me) executed and it's output
> > ignored completely.
>
> So treat the result as always true no matter what the real result is and
> you have what you are looking for. Remember you can say what is true or
> false. Or in this case, true true.
>
> --
> Kevin W. Reed - TNET Services, Inc.
> Unoffical Exim MTA Info Forums - http://exim.got-there.com/forums
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
> details at http://www.exim.org/ ##
>
> ---
> [This E-mail scanned for viruses]
>
>
>
> ---
> [This E-mail scanned for viruses]
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
--
Lab tests show that use of micro$oft causes cancer in lab animals


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-RE: [Exim] local_delivery transport_filterRE: [Exim] local_delivery transport_filter->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)