Coax wrote:
> I need to configure exim, using smtp_acl_connect, to selectively prohibit
> incoming connections right at the start - without even displaying an SMTP
> banner. (I've tested by placing a 'deny' in the acl - and it works just
> as prescribed - that way - and denies all connections.)
>
> At this point, I have a MySQL database called 'exim4' with a table called
> 'blocks' with a column called "address" which I need to check for, and
> deny if a match is present.
>
> I need a hand designing the ACL to do this..
>
> The query I need to execute is this:
>
> :/
> select address from blocks where address = '$sender_host_address'
> :/

acl_block_hosts:
  deny   log_message = Connection from $sender_host_address denied \
                       by acl_block_hosts
         hosts       = mysql;select 1 from blocks where \
                       address = '$sender_host_address'
  accept

> I need this acl to selectively deny connections based upon the fact that
> the $sender_host_address is found in the database. If it does NOT find
> any entry for this, I want the acl to 'accept'.
>
> Furthermore, I'd like the acl, if possible, to default to 'accept' if the
> database doesn't respond - to ensure that a database failure doesn't take
> the mail system down. (I can get around this if it is not possible..)

You can't do this; when the database is unavailable the lookup will
defer, and exim will return a 4xx error.

If you have some way to check the availability of the mysql-db you could
add something like this in front of the deny-block:

  accept condition = SOME_MYSTERIOUS_CHECK

i.e. if there exists a file when mysql is active, then do:

  # accept without the lookup only while the file is missing (mysql down)
  accept condition = ${if !exists {/path/to/the/file}}

Nico
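
One way to maintain the file that exists only while MySQL is active, as an added example that is not part of the original thread: a small probe meant to be run from cron. The function name `sync_flag`, the `FLAG` and `PROBE` variables and the `--run` switch are assumptions made for this example; `/path/to/the/file` is the placeholder path from the reply. While the file is absent the block list is not enforced, so state changes are reported on stderr where cron can mail them.

```shell
#!/bin/sh
# Added example: keep a flag file in step with MySQL availability so an
# Exim ACL can test it with "exists". Names below are assumptions.
FLAG="${FLAG:-/path/to/the/file}"                      # placeholder from the post
PROBE="${PROBE:-mysqladmin --connect-timeout=3 ping}"  # assumed health check

# sync_flag PROBE_CMD FLAG_PATH
# Runs PROBE_CMD. On success the flag file is created, on failure it is
# removed. Prints "up" or "down" on stdout and reports a state change on
# stderr. Returns 2 if the flag file itself could not be updated.
sync_flag() {
    probe=$1
    flag=$2

    # Remember the previous state so that only transitions are reported.
    was=down
    if [ -e "$flag" ]; then was=up; fi

    if sh -c "$probe" >/dev/null 2>&1; then
        now=up
        if [ ! -e "$flag" ]; then
            : > "$flag" || return 2
        fi
    else
        now=down
        rm -f "$flag" || return 2
    fi

    if [ "$was" != "$now" ]; then
        echo "mysql availability flag $flag: $was -> $now" >&2
    fi
    echo "$now"
}

# Only act when asked to, e.g. from cron:  * * * * * /usr/local/sbin/mysql-flag --run
if [ "${1:-}" = "--run" ]; then
    sync_flag "$PROBE" "$FLAG" >/dev/null
fi
```

The flag can lag the real database state by up to one cron interval, so connections arriving in that window will still defer with a 4xx.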