Hi all,
I have the following ACL that does recipient verification against an LDAP
database. It first looks up the domain part via a MySQL lookup to verify
it is in the relay list, then looks up the recipient against an LDAP
database to make sure it exists:

  deny  message     = user unknown
        domains     = +relay_to_domains
        !recipients = ${lookup ldap \
            {user="ldap@???" pass=xxxxx \
            ldap:///uid=${quote_ldap:$local_part},cn=${quote_ldap:$domain}?mail} \
            {$value}fail}

The relay_to_domains:

  # $domain is passed through quote_mysql before it is placed in the SQL string
  domainlist relay_to_domains = mydomain.com:mysql;SELECT DISTINCT domain \
      from domains WHERE mx1='mx1.mydomain.com' \
      AND domain='${quote_mysql:$domain}';

A few questions:
1. I need to also verify that the domain is not in another domainlist (one
that we do not do recipient checking for, a downstream customer) before the
above ACL is checked. That is, I need it to bypass that ACL if the domain
appears in this domain list:

  # $domain is passed through quote_mysql before it is placed in the SQL string
  domainlist route_to_domains = mysql;SELECT DISTINCT mx3 from domains \
      WHERE domain='${quote_mysql:$domain}';

2. The format of the ACL above is a bit confusing to me. It does work, but
I want to understand *why* it works. Is it possible to re-format the ACL
above in an "accept" condition? What does the ! mark in front of the
recipients line do -- a double negative maybe? Is there a way to add the
additional domainlist condition to the original ACL so that if it exists in
the route_to_domains list, it will bypass the rest of the ACL?
Thanks for any help you can provide.
-----------------------------------------
Mike Bacher / isp-list@???
TCIS - TulsaConnect Internet Services
Phone: 918-584-1100x110 Fax: 918-582-5776
-----------------------------------------
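
One way to express the bypass from question 1 in the same deny statement, with the evaluation of the `!recipients` line from question 2 spelled out in comments. This is an added example, not part of the original message; it assumes both domainlists are defined as in the message, that route_to_domains matches only the downstream-customer domains, and it reuses the message's redacted LDAP bind values.

```exim
# Added example, not from the original message.
#
# How Exim evaluates an ACL statement:
#   - Conditions are tested top to bottom; "deny" fires only if every
#     condition is true. The first false condition ends the statement and
#     control passes to the next statement in the ACL.
#   - A leading "!" on a condition negates that condition's result.
#   - In a list, a leading "!+name" item gives "no match" for anything in
#     the named list, before the items after it are tried.
#   - A forced expansion failure ("fail") makes Exim ignore that condition,
#     which behaves as if the condition were true.
#
# domains line:
#   Matches relay domains that are NOT in route_to_domains. For a
#   downstream-customer domain the condition is false, so the statement is
#   skipped and the LDAP lookup is never run for it.
#
# !recipients line:
#   LDAP entry found:   the list is the returned mail value. When the
#                       recipient matches it, "recipients" is true, "!"
#                       turns that into false, and the deny does not fire.
#   LDAP entry missing: "fail" causes the condition to be ignored, all
#                       remaining conditions hold, and the deny fires with
#                       "user unknown".

acl_check_rcpt:

  deny  message     = user unknown
        domains     = !+route_to_domains : +relay_to_domains
        !recipients = ${lookup ldap \
            {user="ldap@???" pass=xxxxx \
            ldap:///uid=${quote_ldap:$local_part},cn=${quote_ldap:$domain}?mail} \
            {$value}fail}

  # Statements placed after this one (not shown) still run for
  # route_to_domains recipients, because nothing above accepts them early.
```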