Re: [Exim] MySQL lookup acl language

Author: Nico Erfurth
Date:  
To: Coax
CC: exim-users
Subject: Re: [Exim] MySQL lookup acl language
Coax wrote:
> I need to configure exim, using smtp_acl_connect, to selectively prohibit
> incoming connections right at the start - without even displaying an SMTP
> banner. (I've tested by placing a 'deny' in the acl - and it works just
> as prescribed - that way - and denies all connections.)
>
> At this point, I have a MySQL database called 'exim4' with a table called
> 'blocks' with a column called "address" which I need to check for, and
> deny if a match is present.
>
> I need a hand designing the ACL to do this..
>
> The query I need to execute is this:
>
> :/
> select address from blocks where address = '$sender_host_address'
> :/


acl_block_hosts:
   deny log_message = Connection from $sender_host_address denied \
                        by acl_block_hosts
        hosts       = mysql;select 1 from blocks where \
                              address = '$sender_host_address'
   accept


> I need this acl to selectively deny connections based upon the fact that
> the $sender_host_address is found in the database. If it does NOT find
> any entry for this, I want the acl to 'accept'.
>
> Furthermore, I'd like the acl, if possible, to default to 'accept' if the
> database doesn't respond - to ensure that a database failure doesn't take
> the mail system down. (I can get around this if it is not possible..)


You can't do this. When the database is unavailable the lookup will
defer, and Exim will return a 4xx error.

If you have some way to check the availability of the mysql-db you could
add something like this in front of the deny-block

accept condition = SOME_MYSTERIOUS_CHECK

i.e. if there exists a file when MySQL is active, then do:

# file missing => MySQL is down => accept without doing the lookup
accept condition = ${if !exists{/path/to/the/file}}

Nico
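
The pieces of this reply assembled into one configuration, as an added example that is not part of Nico's message. The `mysql_servers` host and credentials, the flag path `/var/run/exim-mysql-ok` and the external health check that creates that file while MySQL answers (and removes it when it does not) are assumptions.

```exim
# Added example. Host, credentials and the flag path are placeholders.

# --- main configuration section ---
# "hide" keeps the password out of "exim -bP" output for non-admin users.
hide mysql_servers = localhost/exim4/EXIM_DB_USER/EXIM_DB_PASSWORD

# Run this ACL when a connection arrives, before the SMTP banner is sent.
acl_smtp_connect = acl_block_hosts

# --- ACL section (after "begin acl") ---
acl_block_hosts:

  # Fail open: if the flag file is missing, MySQL is assumed to be down,
  # so skip the lookup instead of deferring every connection with a 4xx.
  # logwrite comes after the condition, so it only fires on this path and
  # leaves a record of each connection that bypassed the block list.
  accept condition = ${if !exists{/var/run/exim-mysql-ok}}
         logwrite  = acl_block_hosts: MySQL flag file missing, block \
                     list not checked for $sender_host_address

  # Normal path: a query-style lookup in a host list matches when the
  # query returns a row; the returned data itself is not used.
  # quote_mysql escapes the value before it is placed in the SQL string.
  deny   hosts       = mysql;SELECT 1 FROM blocks WHERE \
                       address = '${quote_mysql:$sender_host_address}'
         log_message = Connection from $sender_host_address denied \
                       by acl_block_hosts

  accept
```

While the flag file is absent, hosts listed in `blocks` are accepted, so the `logwrite` lines are the place to alert on a prolonged database outage.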