On 18/10/2007, Jason Keltz <jas@???> wrote:
> I want to enforce that unauthenticated senders can only send from valid
> users. This part, I believe, I have correct:
>
>   deny message = From email address must be valid
>        ! authenticated = *
>        ! verify = sender
OK....
> ... but then I want to add that authenticated users can send from valid
> users, OR from users that appear in a whitelist... I know the syntax
> for the whitelist:
>
> senders = lsearch;/path/to/whitelist
>
> What I cannot seem to figure out is how to combine these two rules for
> authenticated senders. If I do something like:
>
>   deny message = From email address must be valid
>        authenticated = *
>        ! verify = sender
>        ! senders = lsearch;/path/to/whitelist
>
> ... this doesn't work because I'm never going to have a user that is
> both a valid user AND a user in the whitelist. I think that I need a
> combination of accept, and endpass, but I can't seem to figure out what
> it is. Any help would be greatly appreciated!

Try turning the logic round...

  accept authenticated = *
         senders = lsearch;/path/to/whitelist

... and put this above the 'deny' you had earlier. If this doesn't work
for you because of more complicated things going on, and you really
need to do a 'deny', then put my suggestion in a sub-acl:

  dostuff:
    accept authenticated = *
           senders = lsearch;/path/to/whitelist

and invoke this in a deny from the main acl:

  deny message = go away
       ! acl = dostuff

All untested, may have logic flaws, syntax errors, or just be plain
wrong. But hopefully it gives you something to play around with.

Peter
--
Peter Bowyer
Email: peter@???
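
Added example, not part of the original message and not Exim code: a small Python model of ordered ACL evaluation that checks why the accept has to sit above the deny. It assumes the deny is reduced to "! verify = sender" with no "authenticated" test, and that a final bare accept stands in for the rest of the ACL; every name in the code is made up for the model.

```python
"""Toy model of Exim ACL evaluation (added example, not Exim code)."""
from itertools import product

# A statement is (verb, [(negated, condition_name), ...]).
# Conditions are ANDed; the first statement whose conditions all hold decides.
ACCEPT_WHITELISTED = ("accept", [(False, "authenticated"), (False, "whitelisted")])
DENY_UNVERIFIED = ("deny", [(True, "sender_valid")])  # assumed: no 'authenticated' test
ACCEPT_REST = ("accept", [])  # assumed stand-in for the rest of the ACL

ACCEPT_FIRST = [ACCEPT_WHITELISTED, DENY_UNVERIFIED, ACCEPT_REST]
DENY_FIRST = [DENY_UNVERIFIED, ACCEPT_WHITELISTED, ACCEPT_REST]


def evaluate(acl, facts):
    """Return 'accept' or 'deny' for one sender described by `facts`."""
    for verb, conditions in acl:
        if all(facts[name] != negated for negated, name in conditions):
            return verb
    return "deny"  # Exim denies implicitly when no statement matches


def wanted(facts):
    """Policy from the thread: valid sender, or authenticated and whitelisted."""
    ok = facts["sender_valid"] or (facts["authenticated"] and facts["whitelisted"])
    return "accept" if ok else "deny"


def mismatches(acl):
    """List every combination of facts where the ACL disagrees with the policy."""
    names = ("authenticated", "sender_valid", "whitelisted")
    bad = []
    for values in product((False, True), repeat=3):
        facts = dict(zip(names, values))
        if evaluate(acl, facts) != wanted(facts):
            bad.append(facts)
    return bad


if __name__ == "__main__":
    print("accept first:", mismatches(ACCEPT_FIRST))
    print("deny first:  ", mismatches(DENY_FIRST))
```

With the deny placed first, the only combination that goes wrong is the authenticated, whitelisted sender whose address does not verify, which is the case the whitelist exists for.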