Re: [exim] Helo Rules Help

Author: Andrew - Supernews
Date:  
To: Wil, exim-users
Subject: Re: [exim] Helo Rules Help
>>>>> "Wil" == Wil <exim@???> writes:

Wil> Here I want to add to the condition telling it not to be valid
Wil> if using port 587 like I have on a few others. I have tried this
Wil> and it is getting a temporary local problem.


Putting logic into individual ACLs to distinguish between port 25 and
port 587 is unwise because (a) it seriously over-complicates them and
(b) the logic required for port 25 and port 587 has almost nothing in
common. (If your ACL logic looks similar for port 25 and port 587 then
you are almost certainly doing something wrong, such as accepting
inbound mail on 587 without authentication.)

Instead do this or something like it:

IS_SMTP_PORT = ={$interface_port}{25}

acl_smtp_connect = ${if IS_SMTP_PORT {check_connect}{accept}}
acl_smtp_helo = ${if IS_SMTP_PORT {check_helo}{accept}}
acl_smtp_mail = ${if IS_SMTP_PORT {check_mail}{accept}}
acl_smtp_rcpt = ${if IS_SMTP_PORT {check_recipient}{check_submission}}
acl_smtp_mime = check_mime_part
acl_smtp_data = check_message

This setup allows you to have completely separate ACLs for the RCPT
phase (check_recipient for port 25, and check_submission for port 587),
and bypass the ACLs for connect, helo, mail completely for port 587
traffic (you could put different ACLs there too, but in practice you
shouldn't reject port 587 traffic anywhere except at RCPT or DATA).

--
Andrew, Supernews
http://www.supernews.com
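
An added illustration of the split described in the message above (not part of the original post): one way the two RCPT ACLs could differ, with port 587 refusing anything that is not authenticated. The ACL bodies, the daemon_smtp_ports line, the TLS requirement and the +local_domains domain list are assumptions for the sketch; only the macro and the acl_smtp_rcpt line come from the post.

```exim
# Constructed example fragment for an Exim 4 configuration.
# Assumes a "domainlist local_domains = ..." is defined elsewhere.

daemon_smtp_ports = 25 : 587

# From the post. Exim's current documentation lists $interface_port
# as an obsolete name for $received_port.
IS_SMTP_PORT = ={$interface_port}{25}

acl_smtp_rcpt = ${if IS_SMTP_PORT {check_recipient}{check_submission}}

begin acl

# Port 587: message submission. Nothing is accepted unless the client
# has authenticated (and, as an assumption here, negotiated TLS).
check_submission:
  deny    message = TLS is required on the submission port
          !encrypted = *
  deny    message = Authentication is required on the submission port
          !authenticated = *
  accept  control = submission

# Port 25: inbound MX traffic. Accept mail for local domains only;
# everything else is a relay attempt and is refused.
check_recipient:
  accept  domains = +local_domains
          verify = recipient
  deny    message = relay not permitted
```

The two ACLs share no conditions, which matches the post's point: an unauthenticated accept in check_submission would make port 587 behave like a second port 25.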