[Exim] Help with ACL syntax

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: ISP List
Ημερομηνία:  
Προς: exim-users
Αντικείμενο: [Exim] Help with ACL syntax
Hi all,

I have the following ACL that does recipient verification against an LDAP
database. It first looks up the domain part via a MySQL lookup to verify
it is in the relay list, then looks up the recipient against a LDAP
database to make sure it exists:

   deny message = user unknown
         domains = +relay_to_domains
         !recipients = ${lookup ldap \
         {user="ldap@???" pass=xxxxx \
         ldap:///uid=${quote_ldap:$local_part},cn=${quote_ldap:$domain}?mail} \
         {$value}fail}


The relay_to_domains:

domainlist relay_to_domains = mydomain.com:mysql;SELECT DISTINCT domain
from domains WHERE mx1='mx1.mydomain.com' AND domain='${domain}';

A few questions:

1. I need to also verify that the domain is not in another domainlist (one
that we do not do recipient checking for, a downstream customer) before the
above ACL is checked. That is, I need it to bypass that ACL if the domain
appears in this domain list:

domainlist route_to_domains = mysql;SELECT DISTINCT mx3 from domains WHERE
domain='${domain}';

2. The format of the ACL above is a bit confusing to me. It does work, but
I want to understand *why* it works. Is it possible to re-format the ACL
above in an "accept" condition? What does the ! mark in front of the
recipients line do -- a double negative maybe? Is there a way to add the
additional domainlist condition to the original ACL so that if it exists in
the route_to_domains list, it will bypass the rest of the ACL?

Thanks for any help you can provide.

-----------------------------------------
Mike Bacher / isp-list@???
TCIS - TulsaConnect Internet Services
Phone: 918-584-1100x110 Fax: 918-582-5776
-----------------------------------------