Re: [exim] acl: different behaviour for messages in verify =…

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Heiko Schlittermann
日付:  
To: exim-users
題目: Re: [exim] acl: different behaviour for messages in verify = ...
Hello Phil and the others,

thank you for responding.

Philip Hazel <ph10@???> (Fr 12 Jan 2007 10:53:03 CET):
> On Thu, 11 Jan 2007, Heiko Schlittermann wrote:
>
> > in my RCPT ACL I've:
> >     ...
> >     require message = Huh (sender)!
> >        verify  = sender/callout=random

> >
> >     require message = Huh (recipient)!
> >        verify  = recipient/callout=random
> >     ...

> >
> > I expected exactly my message in the server response, nothing but my
> > message. But in the following examples you'll see that it's true only
> > for the recipient verification.
>
> If you want just your message for the sender verification failure, then
> you must do the sender verification at MAIL time, not at RCPT time.


Hm. But this conflicts with my attempt to accept *all* mails directed to
postmaster. (Yes, I could use some variable and delay the rejection, but
this would be ugly.)

>
> > Now testing it with BAD SENDER:
> >
> >     # exiacl -f pitti@??? -t info@???
> >     **> /usr/sbin/exim -C /etc/exim4/exim4.conf -oMi 145.253.107.250 -bhc 172.20.1.8
> >     LOG: no host name found for IP address 172.20.1.8
> >     < 220 paff.bioz.tzdresden.de ESMTP Exim 4.63 Thu, 11 Jan 2007 22:40:52 +0100
> >     > EHLO schlittermann.de
> >     < 250-paff.bioz.tzdresden.de Hello schlittermann.de [172.20.1.8]
> >     < 250-SIZE 52428800
> >     < 250-PIPELINING
> >     < 250-STARTTLS
> >     < 250 HELP
> >     > MAIL FROM: pitti@???
> >     < 250 OK
> >     > RCPT TO: info@???
> >     LOG: H=(schlittermann.de) [172.20.1.8] sender verify fail for <pitti@???>
> >     LOG: H=(schlittermann.de) [172.20.1.8] F=<pitti@???> rejected RCPT info@???: \
> >     Sender verify failed
> >     < 550-Verification failed for <pitti@???>
> >     < 550-Previous (cached) callout verification failure
> >     < 550 Huh (sender)!

>
> The reason for this is to make it clear that it is the sender that has
> failed to verify, and to state precisely which email address failed.
> Otherwise it could be very confusing if you had something like:
>
> RCPT TO:<x@@y>
> 550 Verification failed


Yes, this I understand. But I'd suppose that I know what I'm doing if
I use my own message. And always I can use $acl_verify_message if I
want to expose the real reason.

Somehow I feel the current beheviour not consistent. Is there any
chance to change it?


    Best regards from Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann HS12-RIPE -----------------------------------------
 gnupg encrypted messages are welcome - key ID: 48D0359B ---------------
 gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2  7E92 EE4E AC98 48D0 359B -