Re: [exim] Re: Problem with prvs functions

Top Page
Delete this message
Reply to this message
Author: Tom Kistner
Date:  
To: Brian Candler
CC: exim-users
Subject: Re: [exim] Re: Problem with prvs functions
Brian Candler wrote:

> So, the only way I can think of to get a sensible answer out of this is:
>
> # exim -d+expand -be '${prvscheck {prvs=brian/19844dfc9a@???}{foobar}{0}}$prvscheck_result'
>
> which returns "0" for failure and "01" for success (yuk).


I overlooked this. I presume you want to check for validity in the
router section? I don't do that. My use case is this:

a) Block stuff in ACLs

# Bounces: drop unsigned addresses for BATV senders
       deny message = This address does not send an unsigned reverse path.
            senders = :
            recipients = +batv_recipients


       # Bounces: In case of prvs-signed address, check signature.
       deny message = Invalid reverse path signature.
            senders = :
            condition = ${prvscheck {$local_part@$domain}{PRVSCHECK_SQL}{1}}
            !condition = $prvscheck_result



b) If any prvs encoded address has made it past the ACLs, it deserves to
be redirected to its original address:

batv_redirect:
         driver = redirect
         data = ${prvscheck {$local_part@$domain}{PRVSCHECK_SQL}{}}


/tom