[exim] Better way to write this condition?

Pàgina inicial
Delete this message
Reply to this message
Autor: Troy Engel
Data:  
A: exim-users
Assumpte: [exim] Better way to write this condition?
I have a series of routers that basically protects internal aliases (ie
'staff@???') from external email, unless your domain is listed in
a file (ie personal employee domains). The simple one, for example:

   internal_aliases:
     driver = redirect
     condition = ${lookup {$sender_address_domain} \
                 lsearch{/etc/domains.trusted}{yes}{no}}
     allow_fail
     allow_defer
     data = ${lookup{$local_part}lsearch{/etc/aliases.int}}
     file_transport = address_file
     pipe_transport = address_pipe


This isn't completely bulletproof; what I'd like to do is enhance it to
use $sender_host_address against $sender_address_domain (to make sure
they're not faking it, ie setting "From: billybob@???") in some
fashion - check that IP out for real.

Also, the above approach doesn't allow wildcards, I have to list each
allowed subdomain machine in the domains.trusted; what I'd like is to
allow *.fluid.com for instance, and somehow still use
$sender_host_address against $sender_address_domain to verify they
really are from fluid.com.

Any master config experts have some ideas? Is this even possible?

thanks!
-te

--
Troy Engel | Systems Engineer
Fluid, Inc | http://www.fluid.com