Re: [exim] conditional smtp_auth to control relaying

Author: Tony Finch
Date:  
To: exim-users
CC: f_x
Subject: Re: [exim] conditional smtp_auth to control relaying
On Sun, 5 Feb 2006, Jakob Hirsch wrote:
>
> acl_check_mail:
>
> deny
> message = sender does not match auth data
> ! senders = ${lookup mysql {select address from smtp_auth where username='${quote_mysql:$authenticated_id}'}}


That works if you have fairly uniform addresses, or a well-populated
database. My approach is to store the username in $address_data in the
final router that handles local delivery. This means that personal aliases
such as tony.finch@??? are treated the same as fanf2@???.
Group aliases that don't resolve to a single user don't get a user= field
in their address data because Exim gives up verification when there's more
than one child address.

# IN THE ROUTERS

# Verify Hermes addresses that are destined for the Cyrus message
# stores in a separate router in order to avoid callouts. We fill
# in the address data for use by the ACLs.

hermes_verify:
  driver        = accept
  local_part_suffix    = +*
  local_part_suffix_optional
  verify_only
  domains        = hermes.cam.ac.uk
  local_parts        = +hermes_active
  address_data        = user=$local_part ...


# IN THE ACLS

  # $sender_address_data is filled in by sender verification (verify = sender)
  deny
    message   = Sender address ${extract {user}{$sender_address_data} } \
                does not match authenticated user $authenticated_id
    condition = ${extract {user}{$sender_address_data} \
                          {${if !eq{$value}{$authenticated_id} }} }


Tony.
--
<fanf@???> <dot@???> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
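
The following is an added example, not part of the original message and not Exim code: a small Python model of the deny condition above, run over constructed address data to show which senders the rule rejects. The `extract` helper is a simplified stand-in for Exim's `${extract}` on name=value data, and the `kind=` field and the id `jh99` are hypothetical.

```python
import re

# Simplified model of Exim's ${extract{key}{data}} on "name=value" data:
# bare or double-quoted values, no escape processing (assumption).
_FIELD = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|(\S*))')


def extract(key, data):
    """Return the value stored under key, or None if the field is absent."""
    for m in _FIELD.finditer(data or ""):
        if m.group(1) == key:
            return m.group(2) if m.group(2) is not None else m.group(3)
    return None


def sender_denied(sender_address_data, authenticated_id):
    """Model of the deny condition: fire only when a user= field exists
    and differs from the authenticated id (eq compares case-sensitively)."""
    user = extract("user", sender_address_data)
    if user is None:
        return False  # extract fails, condition expands to empty, no deny
    return user != authenticated_id


# Constructed cases: (label, sender address data, authenticated id).
CASES = [
    ("canonical address", "user=fanf2", "fanf2"),
    ("personal alias, same user", "user=fanf2 kind=alias", "fanf2"),
    ("someone else's address", "user=fanf2", "jh99"),
    ("group alias, no user field", "", "jh99"),
    ("no AUTH, empty id", "user=fanf2", ""),
]


def evaluate(cases=CASES):
    """Map each case label to True (denied) or False (passed)."""
    return {label: sender_denied(data, auth) for label, data, auth in cases}


if __name__ == "__main__":
    for label, denied in evaluate().items():
        print(f"{label:28} {'deny' if denied else 'pass'}")
```

The last two cases are the ones to check in a real configuration: a sender with no user= field passes this rule, and a session with an empty $authenticated_id is rejected for any sender that does carry a user= field unless the rule is limited to authenticated sessions.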