On Wed, 17 Nov 2004, Fred Viles wrote:
> | Mail is denied at that point with "temporarily rejected after DATA". What
> | would have triggered the "deny" then if the precondition was not met?
>
> Nothing triggered the "deny". The mail was not denied (5xx reply
> code), it was deferred (4xx reply code). They are not the same
> action.
Correct. Sorry, I overlooked the mention of "defer" in the original
post. Fred is right. The use of "message" and "log_message" happens when
there is an outright denial. There is no facility for specifying a
message if there is some kind of problem that causes a temporary error.
For all verbs except "warn", hitting a condition that cannot be
determined causes an immediate "defer" result. In the case of "warn",
the statement is abandoned, but processing of the ACL proceeds. The
incident is logged.
> If you want to deny on verify deferral, you can use an ACL variable
> to detect it. Something like this (untested):
>
> deny log_message = There must be a valid sender address in the \
> headers: RCPTS $recipients
> message = There must be a valid sender address in the headers
> !verify = header_sender
>
> warn set acl_m0 = verify_deferred
> verify = header_sender
> set acl_m0 = verify_done
>
> deny message = Rejected: sender address verification could not \
> be completed at this time
> condition = ${if eq {$acl_m0}{verify_deferred}{yes}{no}}
That cunning trick won't work as it stands, because hitting "defer"
inside "deny" will cause the whole ACL to defer. However, if you
re-order the statements so that the "warn" comes first, it should work.
(I say "should" because I too haven't tested this.)
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book
