Re: [exim] DCC ACL patch

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Wolfgang Breyha
日付:  
To: Physicman
CC: exim-users
題目: Re: [exim] DCC ACL patch
Physicman wrote, on 16.01.2008 13:40:
> Wow! Great job!
> You've done what I've always been too lazy to do, thanks! :)


;-) It's a pleasure that it's usefull for others, too:)

> I'm not too sure how you actually use it as I had some trouble
> replacing the local_scan by an ACL.


I use DCC for both counting and greylisting. dccifd (-Gon) returns the
greylisting results.

The DATA ACL starts with
   warn    dcc         = *
           set acl_m6  = yes


acl_m6 is combined with several triggers like RBL entries or exim checks later
to do selective greylisting. eg:

   defer   condition   = $acl_m6
           hosts       = ! +system_hosts
           !verify     = reverse_host_lookup


That's why i defined dcc_result first and never implemented it finally;-)

> Therefore, I rewrote a bit your patch (basically removed everything
> related to rebuilding the recipients list and I also added return
> values for dcc_result which weren't set apparently), so that I can now
> have an ACL like this:


Wasn't that part commented already? But yes, my patch is very close to my
needs here currently.

One "special feature" i didn't mention in the readme is the
dcc_direct_header_add = yes

If you use spamd within DATA ACL and call dcc before, you can set this to add 
the X-DCC-Header "in deep" to the spool file. In this way spamd already sees 
the header (what's not the case if add_header was used) and simple matching 
rules can be used instead of the full SpamAssassin DCC module. eg:
header __XXDCC_HIGH_BODY       X-DCC-xx-Metrics =~ /^.*Body=\d{6,}\s+Fuz.*$/
header __XXDCC_HIGH_FUZ1       X-DCC-xx-Metrics =~ /^.*Fuz1=\d{6,}\s+Fuz.*$/
header __XXDCC_HIGH_FUZ2       X-DCC-xx-Metrics =~ /^.*Fuz2=\d{6,}$/


This also prevents double counts etc....

>   warn    dcc           = *
>           add_header    = $dcc_header

>
>   deny    message       = Rejected by DCC
>           condition     = ${if eq{$dcc_result}{R}{1}{0}}

>
> I haven't tested it for long yet but so far it seems to be working fine.
>
> Attached is a patch for your patched exim ;)
> A full diff against a vanilla 4.69 can be found at


Fine! I'll try to get the patch and documentation reworked again on weekend
and send it to Tom Kistner for CVS inclusion. The main reason why I released
the patch mostly "as is" was that I wanted to wait for feedback first.

Greetings,
Wolfgang
--
Wolfgang Breyha <wbreyha@???> | http://www.blafasel.at/
Vienna University Computer Center | Austria