Autor: W B Hacker Datum: To: exim users Betreff: Re: [exim] Please sanity-check my ACLs outline
Dave Pooser wrote:
>>>- [ ] acl_data
>>>- [ ] accept if local part is postmaster and/or blacklist admin
>>>and/or abuse
>>>- [ ] scan with ClamAV
>>
>>Recipient address is not available in DATA ACL, i.e. you can't
>>selectively pass or reject recipients in the ACL.
>
>
> Okay, can I set an ACL variable if the recipient is postmaster in the
> acl_rcpt_to ACL and then reference that variable in the DATA ACL? Or does it
> just make more sense to use the SpamAssassin all_spam_to directive?
Yes - you may use a 'warn' verb to carry the test and variable if it doesn't fit
an existing acl clause.
FWIW, you may wish to handle 'hostmaster' and 'abuse' the same way as
'postmaster' (optionally 'webmaster' as well), *and* allow domain_literals
(postmaster@<IP>) on (only) those addresses.
This because your <domain>.<tld> registrar or upstream ISP might need to reach
you 'regardless'. Think DNS failure or service suspension.
The acl variable would probably be 'lighter weight' than SA as far as resource
load, and arguably more focused for the specific purpose w/r keeping track of
what you are doing.