Re: [exim] Restricting sending/receipt

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Cole Tuininga
Dátum:  
Címzett: exim-users
CC: Jakob Hirsch
Tárgy: Re: [exim] Restricting sending/receipt
On Tue, 2005-09-13 at 13:01 +0200, Jakob Hirsch wrote:
> This is a job for ACLs. Put the restricted addresses into a file and this
> into your RCPT ACL:
>
>   deny   senders = CFG/restricted
>          ! domains = $sender_address_domain
>          message = You are not allowed to send outside of your domain


A variation on this worked great - very much appreciated. For those
that are interested, my acl rule looks like this (improvement
suggestions accepted and appreciated!):

deny
    authenticated = *
    log_message = Blocked message from restricted user
"$authenticated_id\" to domain \"$domain\".  User restricted to sending
to
\"${lookup{$authenticated_id}lsearch{/etc/exim4/restricted_accounts}}\".
    message = You are not allowed to send outside of your domain
    condition = ${if exists{/etc/exim4/restricted_accounts}}
    ! domains =
${lookup{$authenticated_id}lsearch{/etc/exim4/restricted_accounts}{$value}{*}}


(Sorry for the line wrapping)


>   deny   recipients = CFG/restricted
>          ! sender_domains = $domain
>          message = recipient is not allowed to receive from foreign domain


Here's the problem with this one - the email addresses are maps to
users. For instance, "bob@???" might map to local user
"company-bob". This makes it difficult to do this filtering within the
rcpt acl, unless I want to duplicate the mapping here.

I have a router that looks like this:

virtuals:
    debug_print = "R: virtuals for $local_part@$domain"
    driver = redirect
    domains = !localhost : +local_domains
    require_files = /etc/exim4/aliases/$domain
    data = ${lookup{$local_part}lsearch*{/etc/exim4/aliases/$domain}}
    no_more


Is there a way I can set up an acl to run only *after* this router has
been seen?

--
Those who live by the sword get shot by those who don't.

Cole Tuininga
Lead Developer
Code Energy, Inc
colet@???
PGP Key ID: 0x43E5755D