RE: [Exim] Idea for a per-recipient DATA ACL stage

Top Page
Delete this message
Reply to this message
Author: Edgar Lovecraft
Date:  
To: exim-users
Subject: RE: [Exim] Idea for a per-recipient DATA ACL stage
Eli wrote:
> >
> > Here is what I do, I get all of the relevant 'scanning' information
> > that I need during the ACL phases and push that information on with
> > the message. If the message is acceptable at a 'global' level (no
> > viruses, etc) , then I accept it, and give (for better or worse) the
> > standard DNR's should I need to at a per recipient level during the
> > delivery.
>
> Yeah, right now I'm happy with the spam/virus stuff I have working at a
> global level in the ACLs. I just put headers on things and reject any
> and all viruses regardless, but it would be nice to have a per user
> ability during this stage. I'm working on making a script that will


I did forget to mention that during the DATA ACL I do a check after all of
the 'globals' run , if the message has made it this far there is one or two
last checks that are done before the message is accepted for delivery, I
check the number of recipients, if the number is more than one, I accept
the message, if the message is to just one person I do the per person
accept/deny during the DATA ACL as well, the recipient address is in the
$recipients variable.

<EXAMPLE_CODE>
  #
  #ACCEPT the message now if there are more than one RCPT's and
  #    none of the ALWAYS FAIL conditions have been met
  #
accept  condition = ${if {>{$rcpt_count}{1}} {1}{0} }
  #
  #ACCEPT any message that has one recipient and does not fail any of the
  #    Policy rules.
  #
accept  endpass
        message   = User Refused Message DATA:
        condition = \
  ${if and{{ ={$rcpt_count}{1}}{ ...{$recipients}... } {1}{0} }
   #
   # Expcilite DENY
   #
deny    message   = OOPS message was not wanted ;)
   #
   # ^^^ that of course is not the real message but should be as those
   #     three statements are the end of my DATA ACL in that order


> spit out Exim filter data so that it will do all the additional per
> user/domain filtering during the router or transport stage, but I'm not
> sure how much of a performance hit I'll be taking by calling an external
> script to do this.


I do a few Perl calls during ACL's and see no additional time when you
consider SpamAssassin and AntiVirus checks, (just optimize the code and
the number of calls you have to do)

>                      I was hoping to be able to have all message
> filtering done at ACL time so that messages we didn't want to accept for
> any reason would be rejected before they're ever accepted - no bounce
> messages required and it helps reduce spam (I hope).

>
> > I always thought that the $domain and $local_part at DATA time was
> > quite clear in the Exim Docs.
>
> As did I :) I ran into this problem once simply because I wasn't paying
> attention, but I always understood why they weren't available. You
> can't count out all the people who have emailed in to the mailing list
> wondering why their stuff isn't working when they try to use them during
> DATA time though :)
>


Well hell, following that logic we need to change how a lot of things work,
such as manual routing to a smarthost :)
Point is, the manual is very clear on that and it would confuse things
further to ferret out when $domain and $local_part exist and when they
do not, as it is, you can do single person at DATA time and get the
recipients inofrmation from $recipients, most messages I see pass through
the system are to only one person at a time any way. I do run the numbers
again to get a percentage of total mail however.

--

--EAL--