Re: [exim] struggling with conditions

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Dominique
Fecha:  
A: exim-users
Asunto: Re: [exim] struggling with conditions
OK back to my main question.

On Mon, May 07, 2007 at 09:37:41AM +0200, Magnus Holmgren wrote:
> >         warn set acl_m_PROTECTION = ${lookup mysql{SELECT setting FROM
> > settings WHERE domain_name='$domain'}}

> >
> >         condition = {{if eq{acl_m_PROTECTION}{1} { \
> >         ALL_GREY = true} \
> >         } {elseif eq{acl_m_PROTECTION}{2} { \
> >         SKIP_GREY = true } \
> >         } {elseif eq{acl_m_PROTECTION}{3} { \
> >         PARTIAL_GREY = true } \
> >         }

>
> How did you make up this syntax? As far as Exim is concerned, this is just a
> long string. I'm not sure whether one or more macros become defined, but in
> any case you can't conditionally define macros based on string expansion
> results. Macros are defined when the config file is read. They are not
> general-purpose variables.
>
> Have you read the specification, in particular chapters 11 and 40?


I have skimmed the spec through several times. Thanks for clearing things up
regarding macros.


> >         .ifdef SKIP_GREY
> >           !local_parts = +skip_grey
> >         .elifdef PARTIAL_GREY
> >           local_parts = +partial_grey
> >         .elifdef ALL_GREY
> >           local_parts = *
> >         .endif
> >         acl = greylist_acl

>
> This could work, but not the way you want.


OK. Makes sense now.

> > 08:58:51 20672 processing "defer"
> > 08:58:51 20672 check !senders = : postmaster
> > 08:58:51 20672 address match: subject=sender@??? pattern=
> > 08:58:51 20672 d242.net in ""? no (end of list)
> > 08:58:51 20672 address match: subject=sender@??? pattern=postmaster
> > 08:58:51 20672 sender.net in "postmaster"? no (end of list)
> > 08:58:51 20672 sender@??? in ": postmaster"? no (end of list)
>
> The above log lines have no connection with the ACL at hand, but it seems that
> you're trying to match an address against a local part list. You need
> postmaster@* there.


Actually it does, though my earlier snippet was quite incomplete. I have since revised
both the snippet and the actual conf.


> You need something like this:
>
>    warn set acl_m_PROTECTION = ${lookup mysql{SELECT setting FROM settings \
>                                               WHERE domain_name='$domain'}}

>
>    accept condition = ${if eq{acl_m_PROTECTION}{1}}
>           acl = greylist_acl
>    accept condition = ${if eq{acl_m_PROTECTION}{2}}
>           !local_parts = +skip_grey
>           acl = greylist_acl
>    accept condition = ${if eq{acl_m_PROTECTION}{3}}
>           local_parts = +partial_grey
>           acl = greylist_acl

>
> This assumes that greylist_acl returns defer if the mail is to be deferred,
> deny if not, and never accept.
>
> What are skip_grey and partial_grey? Do they depend on the domain too?


OK, thanks for your suggestions.

This implementation returns accept for defers and deny for "accepts". Yes,
it gets a little confusing.
skip_grey and partial_grey are domain-dependent localpartlists.



I have made a revised, simplified version based on your previous post.

My ACL now looks like this:




  defer
        warn set acl_m_PROTECTION = ${lookup mysql{SELECT protection FROM
domain_settings WHERE domain_
name='$domain'}}
        !senders = : postmaster
        #defer condition = {if eq{acl_m_PROTECTION}{2} }
        #       !local_parts = +skip_grey
        #       acl = greylist_acl
        #{ !local_parts = +skip_grey}}
        #       acl = greylist_acl
        #       !local_parts =
        #       acl = greylist_acl
        #defer condition = {if eq{acl_m_PROTECTION}{3}}{yes}{no}
        #       local_parts = +partial_grey
        #       acl = greylist_acl
        #accept condition = {if eq{acl_m_PROTECTION}{2}}{yes}{no}
        #       !local_parts = +skip_grey
        #       acl = greylist_acl
        #defer condition = {if eq{acl_m_PROTECTION}{1}}{yes}{no}
                acl = greylist_acl


                message = Greylisted



But this is not really going to work either. Essentially what I'm looking
for are if statements.

something like the meta code below:

if acl_m_PROTECTION == 2:
    # do not protect these local parts
    !local_parts = +skip_grey
    acl = greylist_acl
elsif acl_m_PROTECTION == 3:
    # protect only these local parts
    local_parts = +partial_grey
    acl = greylist_acl


    

Is something like this doable in ACLs?