Re: [exim] how to detect if address aliased?

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Giuliano Gavazzi
Fecha:  
A: exim-users
Asunto: Re: [exim] how to detect if address aliased?
Thanks Tony, I have a working configuration now, not clean but apparently
effective. The basic verification rules it satisfies are:

1) a locally acceptable address (anything that gives a 250 Accepted
response) must be a LHS in an alias file

2) an authenticated submitted envelope sender must:

a) be locally acceptable
b) come from an authenticated user who is, at some point, the RHS in an
alias file for the given envelope sender. That is, any local user who
"may" receive messages for an address, can also generate messages from
that address.

Note that b does not exclude that a .forward file exist that redirects all
email for that local user to a foreign address, as user forward is not
used for verification.

I do the check b in the aliases routers (there are 3) and set a flag
there. This flag is then checked in the local sender verify router.

These are the routers:

domain_aliases_unspec:
  driver = redirect
  allow_fail
  allow_defer
  domains = +local_domains
  local_parts = lsearch;DOMAINS_DIR/$domain/alias
  address_data = ${extract{verified}{$address_data}\
     {verified=yes}\
     {${ifeq{$local_part}{$authenticated_id}{verified=yes}{}}}} \
     aliased=$local_part_data
  data = $local_part_data
  file_transport = address_file
  pipe_transport = address_pipe



[two similar routers for suffixed and for system wide aliases]


# check auth id is consistent with declared sender
local_sender_verify:
driver = redirect
verify_only
verify_sender
allow_fail
allow_defer
data = $local_part@$domain
domains = +local_domains
condition = ${if !eq{${extract{verified}{$address_data}}}{yes}}
fail_verify_sender

The verify = sender condition is at the moment in the MAIL acl,
but this does not play too nice with pine, have to see if it's better to
deny later (in RCPT).

Giuliano