OK back to my main question.
On Mon, May 07, 2007 at 09:37:41AM +0200, Magnus Holmgren wrote:
> > warn set acl_m_PROTECTION = ${lookup mysql{SELECT setting FROM
> > settings WHERE domain_name='$domain'}}
> >
> > condition = {{if eq{acl_m_PROTECTION}{1} { \
> > ALL_GREY = true} \
> > } {elseif eq{acl_m_PROTECTION}{2} { \
> > SKIP_GREY = true } \
> > } {elseif eq{acl_m_PROTECTION}{3} { \
> > PARTIAL_GREY = true } \
> > }
>
> How did you make up this syntax? As far as Exim is concerned, this is just a
> long string. I'm not sure whether one or more macros become defined, but in
> any case you can't conditionally define macros based on string expansion
> results. Macros are defined when the config file is read. They are not
> general-purpose variables.
>
> Have you read the specification, in particular chapters 11 and 40?
I have skimmed the spec through several times. Thanks for clearing things up
regarding macros.
> > .ifdef SKIP_GREY
> > !local_parts = +skip_grey
> > .elifdef PARTIAL_GREY
> > local_parts = +partial_grey
> > .elifdef ALL_GREY
> > local_parts = *
> > .endif
> > acl = greylist_acl
>
> This could work, but not the way you want.
OK. Makes sense now.
> > 08:58:51 20672 processing "defer"
> > 08:58:51 20672 check !senders = : postmaster
> > 08:58:51 20672 address match: subject=sender@??? pattern=
> > 08:58:51 20672 d242.net in ""? no (end of list)
> > 08:58:51 20672 address match: subject=sender@??? pattern=postmaster
> > 08:58:51 20672 sender.net in "postmaster"? no (end of list)
> > 08:58:51 20672 sender@??? in ": postmaster"? no (end of list)
>
> The above log lines have no connection with the ACL at hand, but it seems that
> you're trying to match an address against a local part list. You need
> postmaster@* there.
Actually it does, though my earlier snippet was quite incomplete. I have since revised
both the snippet and the actual conf.
> You need something like this:
>
> warn set acl_m_PROTECTION = ${lookup mysql{SELECT setting FROM settings \
> WHERE domain_name='$domain'}}
>
> accept condition = ${if eq{acl_m_PROTECTION}{1}}
> acl = greylist_acl
> accept condition = ${if eq{acl_m_PROTECTION}{2}}
> !local_parts = +skip_grey
> acl = greylist_acl
> accept condition = ${if eq{acl_m_PROTECTION}{3}}
> local_parts = +partial_grey
> acl = greylist_acl
>
> This assumes that greylist_acl returns defer if the mail is to be deferred,
> deny if not, and never accept.
>
> What are skip_grey and partial_grey? Do they depend on the domain too?
OK, thanks for your suggestions.
This implementation returns accept for defers and deny for "accepts". Yes,
it gets a little confusing.
skip_grey and partial_grey are domain-dependent localpartlists.
I have made a revised, simplified version based on your previous post.
My ACL now looks like this:
defer
warn set acl_m_PROTECTION = ${lookup mysql{SELECT protection FROM
domain_settings WHERE domain_
name='$domain'}}
!senders = : postmaster
#defer condition = {if eq{acl_m_PROTECTION}{2} }
# !local_parts = +skip_grey
# acl = greylist_acl
#{ !local_parts = +skip_grey}}
# acl = greylist_acl
# !local_parts =
# acl = greylist_acl
#defer condition = {if eq{acl_m_PROTECTION}{3}}{yes}{no}
# local_parts = +partial_grey
# acl = greylist_acl
#accept condition = {if eq{acl_m_PROTECTION}{2}}{yes}{no}
# !local_parts = +skip_grey
# acl = greylist_acl
#defer condition = {if eq{acl_m_PROTECTION}{1}}{yes}{no}
acl = greylist_acl
message = Greylisted
But this is not really going to work either. Essentially what I'm looking
for are if statements.
something like the meta code below:
if acl_m_PROTECTION == 2:
# do not protect these local parts
!local_parts = +skip_grey
acl = greylist_acl
elsif acl_m_PROTECTION == 3:
# protect only these local parts
local_parts = +partial_grey
acl = greylist_acl
Is something like this doable in ACLs?
