On Fri, 29 Jul 2005, Matthew Newton wrote:
> Why not just put the data sent to exim in a variable, say $smtp_data,
> just before each ACL is called.
RTFM:
39.12 Data for non-message ACLs
When an ACL is being run for AUTH, EHLO, ETRN, EXPN, HELO, STARTTLS, or VRFY, |
the remainder of the SMTP command line is placed in $smtp_command_argument.
This can be tested using a "condition" condition. For example, here is an ACL
for use with AUTH, which insists that either the session is encrypted, or the
CRAM-MD5 authentication method is used. In other words, it does not permit
authentication methods that use cleartext passwords on unencrypted
connections.
acl_check_auth:
accept encrypted = *
accept condition = ${if eq{${uc:$smtp_command_argument}}\ |
{CRAM-MD5}} |
deny message = TLS encryption or CRAM-MD5 required
(Another way of applying this restriction is to arrange for the authenticators
that use cleartext passwords not to be advertised when the connection is not
encrypted. You can use the generic "server_advertise_condition" authenticator
option to do this.)
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book
