Re: [exim] Helo Rules Help

Author: Wakko Warner
Date:
To: Wil
CC: exim-users
Subject: Re: [exim] Helo Rules Help
Wil wrote:
>   drop message      = Security breach $sender_helo_name is one of MY names!
>        condition    = ${lookup{$sender_helo_name}
> lsearch{/etc/virtual/domains}{1}{0}}
>        hosts        = ! +whitelist_hosts_ip

>
> Here I want to add to the condition telling it not to be valid if using port
> 587 like I have on a few others. I have tried this and it is getting a
> temporary local problem.
>
>        condition    = ${if and {{ lookup{$sender_helo_name}
> lsearch{/etc/virtual/domains}}{! eq{$interface_port}{587}}}}


The easiest way, which I set up on a test bed server at work (wasn't implemented yet
but does work), is to do this:

This goes in the global part of the config:

# Partial ${if expansion condition.  True is returned if the port is the SMTP
# MTA port (25).  NOTE: the port can also be -1 which indicates a fake SMTP
# session (using -bh or -bhc)
MTA = or{ \
         {eq{$interface_port}{25}} \
         {eq{$interface_port}{-1}} \
        }


# ACLs
acl_smtp_connect = acl_check_connect_${if MTA{mta}{msa}}
acl_smtp_helo = acl_check_helo_${if MTA{mta}{msa}}
acl_smtp_mail = acl_check_mail_${if MTA{mta}{msa}}
acl_smtp_rcpt = acl_check_rcpt_${if MTA{mta}{msa}}
acl_smtp_data = acl_check_data_${if MTA{mta}{msa}}


This means that if the connection is to port 25, the following acls run:
acl_check_connect_mta
acl_check_helo_mta
acl_check_mail_mta
acl_check_rcpt_mta
acl_check_data_mta

Otherwise (port 587, 465, etc) these will run:
acl_check_connect_msa
acl_check_helo_msa
acl_check_mail_msa
acl_check_rcpt_msa
acl_check_data_msa

Rename your current ACLs called from the above and add _mta to the end.
Then in acl_check_connect_mta, acl_check_helo_msa, acl_check_mail_msa, and
acl_check_data_msa just simply accept everything. In acl_check_rcpt_msa
verify the user has authenticated and accept everything if so.

You may have other rules you wish to add to authenticated users, but that's
left as an exercise.

The MTA above (uppercase) is a macro. I defined it in my config as I use it
many times and writing that same or{} condition got tedious and error prone.

--
Lab tests show that use of micro$oft causes cancer in lab animals
Got Gas???
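
The split described in the message above, applied to the HELO rule from the question, as an added example that is not part of the original message or of either poster's configuration. It is narrowed to the HELO and RCPT stages; the hostlist `whitelist_hosts_ip` and the file `/etc/virtual/domains` are taken from the quoted rule and assumed to exist, and the deny message text is constructed.

```exim
# --- global section ---
# True on the MTA port (25) or in a fake SMTP session (-bh / -bhc, port -1).
MTA = or{ \
         {eq{$interface_port}{25}} \
         {eq{$interface_port}{-1}} \
        }

# Pick the ACL by port: *_mta on 25, *_msa on 587, 465, etc.
acl_smtp_helo = acl_check_helo_${if MTA{mta}{msa}}
acl_smtp_rcpt = acl_check_rcpt_${if MTA{mta}{msa}}

begin acl

# Port 25: the original HELO check, with no port test needed in the
# condition because submission traffic never reaches this ACL.
acl_check_helo_mta:
  drop    message   = Security breach $sender_helo_name is one of MY names!
          condition = ${lookup{$sender_helo_name}lsearch{/etc/virtual/domains}{1}{0}}
          hosts     = ! +whitelist_hosts_ip
  accept

# Submission ports: a client may legitimately HELO with one of the
# local domain names, so nothing is checked at this stage.
acl_check_helo_msa:
  accept

# Submission ports: relay only for sessions that have authenticated.
acl_check_rcpt_msa:
  accept  authenticated = *
  deny    message       = Authentication required on the submission port

# acl_check_rcpt_mta is the existing RCPT ACL, renamed with the _mta suffix.
```

Because a `-bh` session reports port -1, it exercises the `_mta` ACLs, so the `_msa` side has to be tested with a real connection to the submission port.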