It could very well be that I'm missing something here, but I think I
found a bug, or at least something that's documented wrong.
Consider the following config, stripped down to the necessary stuff:
# === start config
MYSQL_SERVER=localhost
MYSQL_USER=root
MYSQL_PASSWORD=
MYSQL_DB=
hide mysql_servers = "MYSQL_SERVER/MYSQL_DB/MYSQL_USER/MYSQL_PASSWORD"
primary_hostname = mailserver.lan
acl_smtp_rcpt = acl_check_rcpt
qualify_domain = mailserver.lan
never_users = root
ACCEPT_SENDERS=SELECT 'good@???'
begin acl
acl_check_rcpt:
accept senders = good@??? :
# accept senders = mysql;ACCEPT_SENDERS :
deny message = relay not permitted
# === end config
Now I start exim with 'exim -C exim.conf -d -bd', and run a telnet session:
220 mailserver.lan ESMTP Exim 4.67 Thu, 03 May 2007 10:29:34 +0200
MAIL FROM:good@???
250 OK
RCPT TO:somewhere@???
250 Accepted
RSET
250 Reset OK
MAIL FROM:bad@???
250 OK
RCPT TO:somewhere@???
550 relay not permitted
Working as intended. Exim debug output follows:
1973 check senders = good@??? :
1973 address match: subject=good@??? pattern=good@???
1973 email.address in "email.address"? yes (matched "email.address")
1973 good@??? in "good@??? :"? yes (matched
"good@???")
[...]
1973 check senders = good@??? :
1973 address match: subject=bad@??? pattern=good@???
1973 bad@??? in "good@??? :"? no (end of list)
Now when I replace the first "accept senders" line with the one
containing the MySQL query, the following happens:
220 mailserver.lan ESMTP Exim 4.67 Thu, 03 May 2007 10:32:42 +0200
MAIL FROM:good@???
250 OK
RCPT TO:somewhere@???
250 Accepted
RSET
250 Reset OK
MAIL FROM:bad@???
250 OK
RCPT TO:somewhere@???
250 Accepted
Whoops? Why is the address that is obviously not in the list returned by
the MySQL query, considered OK? Let's see the Exim debug output:
1977 check senders = mysql;SELECT 'good@???' :
1977 address match: subject=bad@??? pattern=mysql;SELECT
'good@???'
1977 search_open: mysql "NULL"
1977 search_find: file="NULL"
1977 key="SELECT 'good@???'" partial=-1 affix=NULL starflags=0
1977 LRU list:
1977 internal_search_find: file="NULL"
1977 type=mysql key="SELECT 'good@???'"
1977 database lookup required for SELECT 'good@???'
1977 MYSQL query: SELECT 'good@???'
1977 MYSQL new connection: host=localhost port=0 socket=NULL
database=NULL user=root
1977 lookup yielded: good@???
1977 bad@??? in "mysql;SELECT 'good@???' :"? yes
(matched "mysql;SELECT 'good@???'")
1977 accept: condition test succeeded
So what's the deal here? The MySQL query is run and delivers what it
should, but the match doesn't seem to work correct. I could imagine that
it's trying to match against the MySQL query string itself, but it's not
doing it either.
Now from some more testing I found out, that the "senders =" check in
combination with a MySQL lookup only fails when the query returns zero
rows...if this is working as intended, then the documentation is
misleading, or I couldn't find the statement that MySQL lookups
shouldn't return lists here.
