Marc Perkel wrote: > In addition to all the standard ACLs I'd like to suggest a headers acl
> that would run at the blank line between the headers and the message.
> That way I can take action without having to wait for all the data to be
> transfered. What action would you be taking? No client will accept a response at
that point. So only two of the ACL verbs would be valid, "accept" to
keep on going and "drop", to just disconnect the sender. Dropping
malware connections may be OK, but if there is a chance that the other
end is a real mail server it would amount to confusion as to why the
connection went away without any sort of error message. The "drop" verb
does still offer an error line before closing the connection; that
wouldn't be possible here.
If you notice all the ACLs are triggered by the SMTP conversation. They
allow the admin to tailor Exim's responses when it is time to give a
reply to the sender. There is nothing for the server to do during the
DATA portion except sit and listen.