On Sun, 5 Feb 2006, Jakob Hirsch wrote:
>
> acl_check_mail:
>
> deny
> message = sender does not match auth data
> ! senders = ${lookup mysql {select address from smtp_auth where username='${quote_mysql:$authenticated_id}'}}
That works if you have fairly uniform addresses, or a well-populated
database. My approach is to store the username in $address_data in the
final router that handles local delivery. This means that personal aliases
such as tony.finch@??? are treated the same as fanf2@???.
Group aliases that don't resolve to a single user don't get a user= field
in their address data because Exim gives up verification when there's more
than one child address.
# IN THE ROUTERS
# Verify Hermes addresses that are destined for the Cyrus message
# stores in a separate router in order to avoid callouts. We fill
# in the address data for use by the ACLs.
hermes_verify:
driver = accept
local_part_suffix = +*
local_part_suffix_optional
verify_only
domains = hermes.cam.ac.uk
local_parts = +hermes_active
address_data = user=$local_part ...
# IN THE ACLS
deny
message = Sender address ${extract {user}{$sender_address_data} } \
does not match authenticated user $authenticated_id
condition = ${extract {user}{$SENDER} \
{${if !eq{$value}{$authenticated_id} }} }
Tony.
--
<fanf@???> <dot@???>
http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}