Thomas Jacob wrote:
> I am using ACLs to store the "OK" result of a sender callout
> verification in an ACL variable: [...]
>
> so that I can later skip certain tests (e.g. deny !verify =
> reverse_host_lookup)
> if callout verification succeeded.
>
> But I would like to know also if callout verification resulted in a
> defer, so that I could for instance do a defer !verify =
reverse_host_lookup
> in such a case.
>
> Question: Is it somehow possible to find out in a condition check
> whether the last sender verify callout resulted in a :defer:?
The expansion variables $acl_verify_message and $sender_verify_failure
exist. It's possible that they may be of some use.
As an alternative approach, you can simply use the verify = sender
condition multiple times (with or without defer_ok). The result is
cached, so that repeated callouts are avoided. I'm not 100% sure about
temporary callout failures however.
Additionally, you might want to perform the much lighter
reverse_host_lookup check first, e.g.
deny !verify = reverse_host_lookup
!verify = sender/callout=30s,connect=10s/no_details
to reject if the reverse host lookup *and* the sender callout
verification fails, and to defer if the latter defers.
To avoid hitting to many innocent Joes, It's even recommended that you
save sender callout verification as the last check in the DATA ACL.
--
Magnus Holmgren holmgren@???
(No CC of list mail needed, thanks)
