On Wed, 14 Sep 2005, Cole Tuininga wrote:
>
> CE_ADDRDATA = user=$local_part \
> restricted=${lookup {$local_part} \
> dbm {/etc/exim4/restricted_accounts.db} \
> {yes} {no} } \
> valid_doms=${lookup {$local_part} \
> dbm {/etc/exim4/restricted_accounts.db} }
>
> The restricted_accounts.db is built from a file that looks like:
> bob: company.com : mail.company.com
>
> # Now make sure restricted users don't receive from outside their domain
> deny
> verify = recipient
> message = User is restricted from receiving external email.
> condition = ${extract {restricted}{$address_data} }
> ! sender_domains = ${extract {valid_doms}{$address_data} }
> log_message = Blocked message for restricted user
> \"${extract{user}{$address_data} }\" from domain
> \"$sender_address_domain\". User restricted to receiving from
> \"${extract {valid_doms}{$address_data} }\".
>
> Here's the problem. The last acl rule doesn't seem to recognize
> anything besides the first item in any given list. I'm sure this is
> just some kind of issue where I need to escape something properly, but
> I'm not quite sure how.
${extract has a very loose interpretation of whitespace and = signs, so it
can be easy to make a mistake (see section 11.5 of the spec) [1].
I *suspect* that it is not parsing your domain list as a single ${extract
item; you can check this by using exim -d+expand. Probably the right thing
to do is to quote the domain list like this
bob: "company.com : mail.company.com"
You tried this
"bob: company.com : mail.company.com"
which Exim interprets as a single long lookup key without any
corresponding value. (See section 9.2 of the spec.)
[1] For example, in my configuration file:
HERMES_ADDRDATA = user=$local_part \
suffix=${if eq{}{$local_part_suffix} \
{""} {$local_part_suffix} } \
secure=${lookup {$local_part} \
cdb {USERS/insecure.cdb} \
{no} {yes} }
The fiddling with $local_part_suffix is because a simple
suffix=$local_part_suffix fails if there is no suffix. The resulting
string looks like user=fanf2 suffix= secure=yes which ${extract parses
as user="fanf2" suffix="secure=yes"
Tony.
--
<fanf@???> <dot@???>
http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}