* on the Tue, Dec 26, 2006 at 06:44:37PM -0800, Marc Perkel wrote:
> How would I do this in an ACL? I want to test to see if the IP of the
> interface that my server received the message on is the lowest MX record
> for the domain that it's being sent to.
>
> Thanks in advance
The thing that makes this difficult is the fact that an mx lookup using
dnsdb doesn't return the results in order of mx priority. You need to
create some sort of loop to go through the results to figure out which
is/are the mx(s) with the "lowest MX record". To do this inside exim means
you need to use a separate recursive acl. It's a bit of a messy solution
and it ties up three acl variables but I have something which appears
to work here:

    acl_get_last_mx:
      # acl_m7 = MX records still to examine, acl_m8 = record being examined,
      # acl_m9 = result so far
      warn    set acl_m8 = ${sg{$acl_m7}{\N^(\d+) ([^:]+).*\N}{pri=\$1\nhosts=\$2}}
              set acl_m8 = pri=${extract{pri}{$acl_m8}}\nhosts=${lookup dnsdb{>|a=${extract{hosts}{$acl_m8}}}}
              set acl_m7 = ${sg{$acl_m7}{\N^[^\|]*\|?(.*)\N}{\$1}}
      warn    !condition = ${if eq{$acl_m7}{}}
              acl = acl_get_last_mx
      accept  condition = ${if eq{$acl_m9}{}}
              set acl_m9 = $acl_m8
      accept  condition = ${if ={${extract{pri}{$acl_m8}}}{${extract{pri}{$acl_m9}}}}
              set acl_m9 = pri=${extract{pri}{$acl_m9}} \
                           hosts=${extract{hosts}{$acl_m9}}|${extract{hosts}{$acl_m8}}
      accept  condition = ${if >{${extract{pri}{$acl_m8}}}{${extract{pri}{$acl_m9}}}}
      accept  set acl_m9 = $acl_m8

Then in the recipient acl:

      warn    set acl_m7 = ${lookup dnsdb{>:mx=$domain}{$value}{}}
              acl = acl_get_last_mx

At this point acl_m9 contains a pipe separated list of IP addresses for
each of the hosts that share the "lowest MX record".

To do the check:

      warn    set acl_m9 = (${sg{${extract{hosts}{$acl_m9}}}{\N\.\N}{\\.}})
      warn    condition = ${if match{$interface_address}{^$acl_m9\$}}
              log_message = They've connected to the lowest MX record. How rude!

Note: This was only tested very briefly and there may be situations
where it doesn't work, so test it thoroughly. Also, don't forget, there
are several situations where the highest MX record is the same as the
lowest MX record, e.g. if there is only one MX record, or they all have
the same priority.

Mike
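
A reference version of the same check outside Exim, for comparing against what the ACL leaves in acl_m9 on test domains. This is an added example, not part of the original post: the function names, the sample records and the address map that stands in for the DNS address lookups are all assumptions, and the colon separator mirrors the `>:` in the mx lookup above.

```python
import ipaddress


def parse_mx(dnsdb_value, sep=":"):
    """Parse 'preference host' records as an Exim dnsdb mx lookup returns them."""
    records = []
    for item in filter(None, (s.strip() for s in dnsdb_value.split(sep))):
        pref, host = item.split(None, 1)
        records.append((int(pref), host.strip().rstrip(".").lower()))
    return records


def lowest_mx_hosts(records):
    """Hosts sharing the numerically highest preference (the least preferred MX)."""
    if not records:
        return []
    worst = max(pref for pref, _ in records)
    return sorted({host for pref, host in records if pref == worst})


def is_only_tier(records):
    """True when all MX records share one preference: 'lowest' is also 'highest'."""
    return len({pref for pref, _ in records}) <= 1


def hit_lowest_mx(interface_address, records, addresses):
    """addresses maps host -> list of IP strings (stand-in for the DNS lookups)."""
    iface = ipaddress.ip_address(interface_address)
    for host in lowest_mx_hosts(records):
        for ip in addresses.get(host, []):
            # Compare parsed addresses, so differently written IPv6 forms match.
            if ipaddress.ip_address(ip) == iface:
                return True
    return False


# Constructed sample data using documentation ranges; not taken from the post.
SAMPLE_MX = "20 mx2.example.org:10 mx1.example.org:20 mx3.example.org"
SAMPLE_ADDRS = {
    "mx1.example.org": ["192.0.2.10"],
    "mx2.example.org": ["192.0.2.20"],
    "mx3.example.org": ["192.0.2.30", "2001:db8::30"],
}

if __name__ == "__main__":
    recs = parse_mx(SAMPLE_MX)
    print(lowest_mx_hosts(recs), hit_lowest_mx("192.0.2.20", recs, SAMPLE_ADDRS))
```

The sample deliberately lists the records out of priority order and with two hosts sharing the lowest tier; `is_only_tier` covers the single-MX and equal-priority cases mentioned in the note above.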