Re: [Exim] Idea for a per-recipient DATA ACL stage

Top Page
Delete this message
Reply to this message
Author: Edgar Lovecraft
Date:  
To: exim-users
Subject: Re: [Exim] Idea for a per-recipient DATA ACL stage
Eli wrote:
>
> >That's very, very interesting. Please, talk to Tom Kistner about this
> >and see what he thinks, as he maintains exiscan. I would love to see
> >this 'quietly drop recipient' option.


In 'quietly droping recipients' please remember that you are severly
breaking the SMTP RFC standards. Think of the damage that will be done to
any message tracking...

I send a message to two of your users and your server gives an
"OK Message Accepted" to the DATA phase of the transaction. I now think
that the message was delivered.
Your server 'silently drops' the delivery to one of the two recipients.
I know think that not only was the message delivered, but that the message
was deliverd SUCESSFUlLY to BOTH users as there was never a DNR sent to the
'droped' user.

If you just have-to-have per-recipient/per-domain checks, then the only
prudent thing to do is either 'accept like users' during RCPT TO: or
accept only one RCPT TO: at a time, or accept the message and then send
the DNR after you reject the message like you are supposed to.

> Personally though, my big reason for mentioning something like this (and
> hoping that the idea is followed through!) is that it would allow other
> message filtering to be done at ACL time as well that was per
> domain/user specific.


Here is what I do, I get all of the relevant 'scanning' information that I
need during the ACL phases and push that information on with the message.
If the message is acceptable at a 'global' level (no viruses, etc) , then I
accept it, and give (for better or worse) the standard DNR's should I need
to at a per recipient level during the delivery.

> I'm still working on some alternative methods for what I need to
> accomplish (I'm eyeing the local_scan stuff, but I'd have to learn more
> about Exim internals before I venture into that forest), but I think
> this would be a nice feature to have regardless, especially avoiding all
> those confused people who want to use $domain and $local_part at DATA
> time :)


I always thought that the $domain and $local_part at DATA time was quite
clear in the Exim Docs.

--

--EAL--