Re: [Exim] Please add support for ACLs run at _start_ of dat…

Author: Edgar Lovecraft
Date:
To: exim-users
Old threads: [Exim] Please add support for ACLs run at _start_ of data (acl_smtp_predata)
Subject: Re: [Exim] Please add support for ACLs run at _start_ of data
Andreas Metzler wrote:
>
> Hello,
> I have received this as http://bugs.debian.org/237947
> On 2004-03-14 "Steinar H. Gunderson" <sgunderson@???> wrote:
> > While implementing greylisting in exim4 we came across an interesting
> > possibility: Reject not _after_ DATA, but actually on the DATA command
> > itself. (Most greylisting implementations seem to reject on RCPT, but
> > that potentially breaks callouts etc. in all sorts of ugly ways.) Ie.
> > something like:
>
> > 220 exim4 blabla
> > EHLO domain
> > 250 OK
> > MAIL FROM: <foo@bar>
> > 250 OK
> > RCPT TO: <bar@foo>
> > 250 Accepted
> > DATA
> > 401 Sorry, greylisted, try again later.
>
> > Thus, one doesn't have to waste bandwidth and processing power on
> > something that will only be thrown away later, but one doesn't break
> > callouts either.
>
> > The simplest way to achieve this would probably be adding an
> > acl_smtp_predata ACL, run at the DATA command. Would this be possible
> > to implement?
> [...]
>
> It sounds like a logical addition, I am just not sure how other MTAs
> would interact, rejecting the DATA command itself seems rather unusual.
> For reference RFC2821 says about this:
>

..[snip]...
>

Why?? All that really needs to be done is to change HOW you are doing
the sender callouts.
i.e.
Rather than using
    accept verify = sender
Put the result in an $acl_m0 (or other number)
    warn    !verify = sender
        set acl_m0 = FAIL
Then test on the acl
    deny    condition = ${if eq{$acl_m0}{FAIL}{1}{0}}


The examples above are not tested but the general idea does work, and if
you do not want to deny on a fail, then you now have the ability to do
whatever it is that you do want to do and not lose anything with callbacks
and greylisting.
Or, you could just do the callouts on the second attempt, and greylist
before you do the sender callouts.
--

--EAL--
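
The ordering suggested in the message above (greylist first, run the sender callout only on a retry, and record the callout result in a per-message variable instead of rejecting on the spot), modelled in Python as an added example that is not part of the original post and is not Exim code. The `Policy` class, its method names, the 300-second delay and the sample addresses are assumptions made for illustration.

```python
import time

GREYLIST_DELAY = 300  # seconds a new triplet must wait (constructed value)


class Policy:
    """Toy model: greylist at RCPT time, spend a sender callout only on retries."""

    def __init__(self, callout, clock=time.time):
        self.callout = callout    # callable(sender) -> bool, stands in for "verify = sender"
        self.clock = clock        # injectable so the delay can be tested offline
        self.first_seen = {}      # (ip, sender, rcpt) -> time of the first attempt
        self.callouts_made = 0

    def rcpt(self, ip, sender, rcpt, msg):
        """RCPT-time check; msg holds per-message variables (the role of $acl_m0)."""
        now = self.clock()
        seen = self.first_seen.setdefault((ip, sender, rcpt), now)
        if now - seen < GREYLIST_DELAY:
            return "defer"        # greylisted: no callout is spent on this attempt
        self.callouts_made += 1
        if not self.callout(sender):
            msg["acl_m0"] = "FAIL"  # remember the failure instead of rejecting here
        return "accept"

    def later_check(self, msg):
        """A later ACL acts on the recorded result (deny here, but any action fits)."""
        return "deny" if msg.get("acl_m0") == "FAIL" else "accept"


if __name__ == "__main__":
    t = [0.0]
    p = Policy(callout=lambda s: s != "forged@example.org", clock=lambda: t[0])
    for step in (0, 60, 300):   # first attempt, early retry, retry after the delay
        t[0] += step
        msg = {}
        verdict = p.rcpt("192.0.2.1", "forged@example.org", "bar@example.net", msg)
        print(t[0], verdict, p.callouts_made, p.later_check(msg))
```
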