Phil Chambers wrote:
> I want to do some checking on messages being injected by web pages using the -t
> command-line option. As far as I can see I will need to use a acl_non_smtp ACL.
>
> With the -t option Exim will take the recipients from the header. I would like
> to restrict recipients to a limited set of local users under these
> circumstances, but I don't see how I can do it. With SMTP one gets to use an
> ACL for each recipient, but you only get one go at acl_non_smtp. I thought of
> $recipients, but it will not contain anything in this situation.
>
> Any suggestions please?
I once considered doing something similar, using something like the
following:
exim4 -bm _redeliver-false-positive_@??? -oi < quarantined-msg
along with the following router:
redeliver_false_positive:
driver = redirect
domains = projectile.ca
local_parts = _redeliver-false-positive_
condition = ${if and{{!def:sender_host_address}
{={$caller_uid}{0}}
{def:h_Envelope-to}}{yes}{no}}
data = ${address:$h_Envelope-to}
headers_add = X-Projectile-Redelivered: $tod_full
This redelivers to the contents of the Envelope-to header, which will be
more accurate than -t in this situation, and the condition ensures that
it can only be used by root submitting mail locally, not over smtp.
In the end, I never actually implemented this, so I have no idea if it
really works.
- Marc
