Hello everyone,
I'd like to propose / ask if the following could be added to Exim wishlist:
1. A user can't use directly functions like lookup in and{}, or{}. Since
"lookup" can return different values, it could return Boolean true and
false as well, and those values could be used in logical conjunction and
alternatives directly.
2. eq on argument equality or lack thereof could expand to different
values, which would make for shorter notation in comparison to ${if eq
{.... }}
I came across practical problem today: I have been adding whitelist
modifiers to RBL ACLs:
deny dnslists = xbl.spamhaus.org
log_message = BLOKOWANIE PRZEZ RBL (czarna lista adresow IP wysylajacych
spam): xbl.spamhaus.org / BLOCKED BY RBL (real-time blackhole list of IP
addresses sending spam): xbl.spamhaus.org $tod_log
message = BLOKOWANIE PRZEZ RBL (czarna lista adresow IP wysylajacych
spam): xbl.spamhaus.org / BLOCKED BY RBL (real-time blackhole list of IP
addresses sending spam): xbl.spamhaus.org $tod_log
condition = ${lookup {${lc:$sender_address_domain}} partial1-lsearch
{/etc/domeny/wildcard_whitelist_domains} {no}{yes}}
condition = ${lookup {$sender_host_address}
lsearch{/etc/domeny/whitelist_ip} {no}{yes}}
condition = ${if eq {${lookup {$domain}
lsearch*{/etc/domeny/whitelist_domain_pair}{$value}}}{$sender_address_domain}
{no}{yes}}
!authenticated = *
deny dnslists = dnsbl-1.uceprotect.net
log_message = BLOKOWANIE PRZEZ RBL (czarna lista adresow IP wysylajacych
spam): dnsbl-1.uceprotect.net / BLOCKED BY RBL (real-time blackhole list
of IP addresses sending spam): dnsbl-1.uceprotect.net $tod_log
message = BLOKOWANIE PRZEZ RBL (czarna lista adresow IP wysylajacych
spam): dnsbl-1.uceprotect.net / BLOCKED BY RBL (real-time blackhole list
of IP addresses sending spam): dnsbl-1.uceprotect.net $tod_log
condition = ${lookup {${lc:$sender_address_domain}} partial1-lsearch
{/etc/domeny/wildcard_whitelist_domains} {no}{yes}}
condition = ${lookup {$sender_host_address}
lsearch{/etc/domeny/whitelist_ip} {no}{yes}}
condition = ${if eq {${lookup {$domain}
lsearch*{/etc/domeny/whitelist_domain_pair}{$value}}}{$sender_address_domain}
{no}{yes}}
!authenticated = *
Every RBL had to have those 3 conditions tested again right after
previous RBL verb tested them, so I decided to consolidate condition
lines into a single user variable and this is what I ended up with:
warn set acl_c_wh = ${if or { \
{ eq {${lookup{${lc:$sender_address_domain}}
partial1-lsearch{/etc/domeny/wildcard_whitelist_domains} {true}{false}}}
{true} } \
{ eq {${lookup{$sender_host_address} lsearch{/etc/domeny/whitelist_ip}
{true}{false}}} {true} } \
{ eq {${lookup {$domain} lsearch*{/etc/domeny/whitelist_domain_pair}
{$value}}} {$sender_address_domain} } \
} {false}{true} }
deny dnslists = xbl.spamhaus.org
log_message = BLOKOWANIE PRZEZ RBL (czarna lista adresow IP wysylajacych
spam): xbl.spamhaus.org / BLOCKED BY RBL (real-time blackhole list of IP
addresses sending spam): xbl.spamhaus.org $tod_log
message = BLOKOWANIE PRZEZ RBL (czarna lista adresow IP wysylajacych
spam): xbl.spamhaus.org / BLOCKED BY RBL (real-time blackhole list of IP
addresses sending spam): xbl.spamhaus.org $tod_log
condition = $acl_c_wh
!authenticated = *
Note that "eq" functions above would be generally if lookup function
could be used directly: first I do a lookup, then eq to "true" string.
Arguably, an alternative with three arguments is not very complex
logical operation - writing above in Bash shell would be trivial and
result would be more readable, while formulating it in Exim was quite a
chore while getting the above expression to work.
--
Marcin Król
