Re: [exim] Message size filter based on AUTH

Author: Dave Lugo
Date:  
To: exim-users
Subject: Re: [exim] Message size filter based on AUTH
On Tue, 8 Nov 2005, Marco De Vitis wrote:
>
> Hello,
> can anyone please tell me if the following can be obtained with plain
> exim4 on Debian Sarge?


It can certainly be done in exim, though I can't speak as to the gyrations
for debian's config file layout.


>
> I'd need to configure a machine to only relay mail from its LAN to the
> outside through the ISP's SMTP server.
> To be able to send mail, users *must* authenticate, anonymous
> connections must not be accepted. And the connection must use TLS.
> There should be a message size limit based on the username received
> during authentication, e.g. user authenticating as "standard" can send
> messages up to 1MB, while user "privileged" can send up to 5MB.
>


Given that the SIZE parameter can lie about the size of the message
transferred, I check both the SIZE sent prior to DATA, (and 5xx in
the rcpt acl if need be), as well as the final size of the received
file, and 5xx at end-of-DATA if needed.

from spec.txt:

(4.5.1, current version I have on disk)

While running an ACL at the time of an SMTP RCPT command, $message_size
contains the size supplied on the MAIL command, or -1 if no size was
given. The value may not, of course, be truthful.


> What I don't know is whether the last part can be obtained somehow with
> exim, standalone or maybe with external tools.
>



(this is mostly stripped out of my running config with some modifications)

CFG_DIR/SENDER_DOM/SENDER_LOC are macros that I use for convenience...


In acl_check_rcpt:


  deny authenticated  = *
       condition      = ${if exists \
                 {CFG_DIR/SENDER_DOM/SENDER_LOC/max-message-size}{1}{0}}
       condition      = ${if >{$message_size} \
                        { \
                          ${readfile {CFG_DIR/SENDER_DOM/SENDER_LOC/max-message-size}{}} \
                        }{yes}{no}}
       message        = Message size limit exceeded




in acl_check_data:

  deny authenticated = *
       condition     = ${if exists \
                        {CFG_DIR/SENDER_DOM/SENDER_LOC/max-message-size}{1}{0}}
       condition     = ${if >{$message_size} \
                        { \
                         ${readfile {CFG_DIR/SENDER_DOM/SENDER_LOC/max-message-size}{}} \
                        }{yes}{no}}
       message       = Message size limit exceeded



If the user doesn't have their own max defined size, they don't
have that cfg file. Depending on how you retrieve the per-user
prefs, you may be able to skip the 'if exists' conditions.


-- 
--------------------------------------------------------
Dave Lugo   dlugo@???    LC Unit #260   TINLC
Have you hugged your firewall today?   No spam, thanks.
--------------------------------------------------------
Are you the police?  . . . .  No ma'am, we're sysadmins.
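
Added example, not part of the message above or of its author's running config: the same two-stage size check, keyed on the username from the original question through a single lookup file instead of one file per user. The macro name SIZE_LIMITS, the file path, the byte values and the fallback limit are assumptions, and each authenticator is assumed to set server_set_id so that $authenticated_id is populated.

```exim
# Constructed lookup file /etc/exim4/size-limits (lsearch format, limits in bytes):
#   standard:    1048576
#   privileged:  5242880

# Main section: hypothetical macro pointing at the file above.
SIZE_LIMITS = /etc/exim4/size-limits

# In acl_check_rcpt, ahead of the existing accept statements.
# Assumes this host only relays for the LAN and takes no inbound mail.
  deny  !encrypted     = *
        message        = TLS is required
  deny  !authenticated = *
        message        = Authentication is required

# Early rejection on the SIZE declared on MAIL FROM. $message_size is -1
# when no SIZE was given, so such a message passes here and is measured at
# end-of-DATA. A user missing from the file gets the 1048576 fallback
# (assumption: fail closed rather than leave the user unlimited).
  deny  authenticated  = *
        condition      = ${if >{$message_size}\
                           {${lookup{$authenticated_id}lsearch{SIZE_LIMITS}\
                           {$value}{1048576}}}{yes}{no}}
        message        = Message size limit exceeded

# In acl_check_data: the same test, where $message_size is the size of the
# message actually received, so an untruthful SIZE is caught here.
  deny  authenticated  = *
        condition      = ${if >{$message_size}\
                           {${lookup{$authenticated_id}lsearch{SIZE_LIMITS}\
                           {$value}{1048576}}}{yes}{no}}
        message        = Message size limit exceeded
```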