On 2004-04-17 Tore Anderson <tore@???> wrote:
> I need to do something like this in an authenticator:
> condition = ${if or { {eq{${lookup {$sender_host_address} net-lsearch \
> {/relayhosts} {allowed}{denied}}}{allowed}} \
> {ldapauth [...]} \
> } {yes}{no}}
> The problem that needs to be solved is that some clients who connect
> from the networks with relay permission insist on authenticating. I
> must let them use arbitrary usernames and passwords, while on the other
> hand actually authenticate clients against the LDAP server if they're
> connecting from a foreign network.
> I was mightily surprised to see Exim tell me «unknown lookup type
> "net-lsearch"» when I tried to do some expansion testing of the above.
> I tried to specify "net-lsearch;/relayhosts" and also substituting
> the file name with a host list, but no go. What's wrong - isn't
> net-lsearch supposed to available as a expansion lookup at all?
[...]
Afaict net-foo is no generic lookup type but only allowed as item in
host lists.
> If not, is there some other way to solve my problem short of making
> the relayhosts file an atrociously long list of all the individual
> addresses?
If the clients are not completely broken (that is always a popular
option, though ;-) not advertising AUTH to these machines might work.
auth_advertise_hosts = !net-lsearch;/relayhosts
cu andreas
--
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"
