Re: [exim] Sender verification

Top Page
Delete this message
Reply to this message
Author: Renaud Allard
Date:  
To: erwin.ambrosch, exim-users
Subject: Re: [exim] Sender verification
Aren't you sending from a $sender_address which is in the whitelist?
Using this ACL:
    # Whitelist on mailbox level
    accept
           message   = Sender $sender_address is in local Whitelist
           condition = ${if !eq {}{${lookup pgsql {SQL_WHITELIST}}}}


You may also have the check disabled in you pgsql in the condition statememt
          condition = ${if eq {t}{${lookup pgsql {SQL_VERIFY_SENDER}}}}


Erwin Ambrosch|XHOSTPLUS wrote:
> Hi,
>
> here my ACLs. I do not send from localhost to test this issue.
>
> begin acl
>
> # ACL that is used after the RCPT command
> check_recipient:
>
>     accept
>            hosts  = 127.0.0.1/24

>
>     # Whitelist on mailbox level
>     accept
>            message   = Sender $sender_address is in local Whitelist
>            condition = ${if !eq {}{${lookup pgsql {SQL_WHITELIST}}}}

>
>     # Blacklist on mailbox level
>     deny
>             message   = Sender $sender_address is in local Blacklist
>             condition = ${if !eq {}{${lookup pgsql {SQL_BLACKLIST}}}}

>
>     deny    local_parts   = ^.*[@%!/|]

>
>     # If user defiend just verifying the domain
>     deny !verify   = sender
>          condition = ${if eq {t}{${lookup pgsql
> {SQL_VERIFY_SENDER_DOMAIN}}}}

>
>     # If user defiend verifying the whole address
>     deny !verify   = sender/callout=15s
>          condition = ${if eq {t}{${lookup pgsql {SQL_VERIFY_SENDER}}}}

>
>     accept  domains       = +local_domains
>             endpass
>             # Otherwise the RCPT TO command alway retuns "250 Accepted"
>             # because the verify condition just works with files.
>             # If not checking this, mails which can not be sent back to
> the sender
>             # remain in the queue until the retry time is passed.
>             condition     = ${if eq {}{${lookup pgsql
> {SQL_Q_ACL_MAIL_BOX}}}{no}{yes}}
>             message       = unknown user
>             # Verifing the recipient is no longer neccessary, because
>             # we are using the condition constraint.
>             #verify        = recipient

>
>     accept  authenticated = *

>
>     deny    message       = relay not permitted
>             log_message   = relay not permitted

>
> # ACL that is used after the DATA command
>   check_message:
>     accept  authenticated = *
>     accept

>
>
> Thanks for helping me!
>
> Regards
> Erwin
>
>
> Renaud Allard schrieb:
>>
>> Erwin Ambrosch|XHOSTPLUS wrote:
>>> Hi All,
>>>
>>> I've exim4 configured to do a verify = sender/callout=15s and it
>>> works for sender which domain is not in the list of local_domains. If
>>> an E-Mail is sent with the domain_part existing in the local_domains,
>>> it exim4 doesn't perform the sender/callout verification.
>>>
>>> Here my ACLS effected by this issue:
>>>
>>> deny !verify = sender/callout=15s
>>>
>>> accept  domains = +local_domains
>>>          endpass
>>>          verify = recipient

>>>
>>
>> The order of the ACLs is very important. Are you sure you aren't sending
>> mail from an IP accepted in a former ACL? You should send your full
>> config (at least the ACL part) for us to help you efficiently.
>>
>


--
010100100110010101101110011000010111010101100100
010000010110110001101100011000010111001001100100