Re: [exim] ACL and conditions

Top Pagina
Delete this message
Reply to this message
Auteur: Wakko Warner
Datum:  
Aan: Justin Koivisto
CC: exim-users
Onderwerp: Re: [exim] ACL and conditions
Please keep me in CC.

> >AHHA! I think I know why it doesn't work. If you do this in the RCPT acl,
> >it may not work especially if you're being an MSA for outlook. It doesn't
> >support the ESMTP SIZE= on the MAIL command. It would have to be checked
> >in
> >the DATA acl in which domains is not able to be checked and $domain will be
> >blank.
> >
>
> Then that is my problem, I am checking in the data acl...
>
> The next question is, how can I go about checking the domain at the data
> level?


There's no good way to do it in the data phase. It would probably be best
put in a router (I did this for multiple recipients).

Here's something you could do:
1) If $message_size is known (>0) check to see if it's > than the max and
    reject accordingly.
   else 
       if recipient domain is that domain:
           Check to see if acl_m# is set to some positive value, accept.
           Otherwise if it is not set and recipient count is > 1 
               defer/deny and set acl_m# to something negative
                   (like no)
           If recipient count is 1 and acl_m# is not set
               accept and set acl_m# to something positive (yes)
       else if the recipient domain is not that domain
           if acl_m# is positive, defer/deny
           if acl_m# is negative, accept
           if acl_m# is not set, set to negative and accept
   end
   in the data phase, when $message_size is known, accept/deny accordingly.
   the rcpt phase would have guarnteed that only this domain is sent to.


That was a mouth ful, It's untested and I may not have thought it through
completely. But that's the idea.

or
2) Put in a router that checks that domains = that domain and the
$message_size is > than the maximum. Use the redirect driver with
allow_fail = true and redirect to: :fail: $domain cannot accept email
larger than xx in size

#1 Will be a problem if the connecting client is not another MTA. Some MUAs
barf at smtp time rejections.
#2 Could be a problem because it will generate bounces. This may be good or
it may be bad. If properly configured it shouldn't be. That is, don't
allow users to use just any email address,it would have to be one that your
server handles. You could check for this in the router. If it fails, have
another router that checks for the opposit and silently drop the message or
redirect it to postmater (preferred way).

If you decide to try my suggestion, I'd like to know how it works out for
you.

--
Lab tests show that use of micro$oft causes cancer in lab animals