Hi,
I am trying to implement BATV with Exim 4.67 and I'd like to run this
past you before I save the config and -HUP the daemon. I have user local
parts listed in a MySQL database with a column called use_batv_key; 0
means don't sign, 1 means sign. I have the following lines in the config
file. Does there appear to be any problem below? Helpful comments?
It'll be great not to have to monitor nullsenders anymore.
Thanks.
Craig
Main section:
BATVKEY = longlistofalphanumericcharacters
BATV_USERS = SELECT recipient FROM users WHERE use_batv_key = '1'
BATV_CHECK = SELECT recipient FROM users WHERE recipient = '${quote_mysql:$prvscheck_address}' LIMIT 1
# Named local part list of the users whose outgoing mail is signed
localpartlist batv_list = ${sg {${lookup mysql{BATV_USERS}}}{\n}{:}}
Rcpt acl section:
# Bounces for signed return-path
# batv_list is a localpartlist, so it is tested with local_parts
deny message = Return address must be signed for this address.
     senders = :
     local_parts = +batv_list

# Bounces for signed return-path prvscheck
deny message = Invalid reverse path signature.
     senders = :
     control = caseful_local_part
     condition = ${prvscheck {$local_part@$domain}{BATVKEY}{1}}
     !condition = $prvscheck_result

# Verify signed return-path bounces.
accept message = User account unknown or disabled
       senders = :
       control = caseful_local_part
       condition = ${prvscheck {$local_part@$domain}{BATVKEY}{1}}
       domains = +local_domains
       endpass
       local_parts = ${lookup mysql{BATV_CHECK}}
Routers section:
# Located before the primary remote smtp router for non-signed return-path
batv_dns:
  driver = dnslookup
  domains = ! +local_domains
  condition = ${if match_local_part{$sender_address_local_part}{+batv_list}{1}{0}}
  transport = batv_smtp
  headers_remove = X-NOMAIL-Limit : Received
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8

# Located before local delivery routers
batv_redirect:
  driver = redirect
  # In a router this is a boolean option, not an ACL control
  caseful_local_part = true
  condition = ${prvscheck {$local_part@$domain}{BATVKEY}{1}}
  data = ${prvscheck {$local_part@$domain}{BATVKEY}}
Transports section:
batv_smtp:
  driver = smtp
  return_path = ${prvs {$return_path}{BATVKEY}}
  delay_after_cutoff = false
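
As an added illustration (not part of the original post and not Exim's code), the Python below models what the three RCPT ACL stanzas are meant to decide for null-sender mail, including expiry and the case sensitivity that caseful_local_part protects. The tag layout prvs=KDDDSSSSSS=address follows the BATV draft and is an assumption here, as are the key, the user set and the day numbers, which are constructed.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # stands in for BATVKEY (constructed value)
BATV_USERS = {"craig"}          # local parts with use_batv_key = 1 (constructed)
LIFETIME_DAYS = 7

def _mac(key_num, day, address):
    """First 3 bytes (6 hex chars) of HMAC-SHA1 over key number, day stamp, address."""
    msg = f"{key_num}{day:03d}{address}".encode()
    return hmac.new(KEY, msg, hashlib.sha1).hexdigest()[:6]

def sign(address, today, key_num=0):
    """Return prvs=KDDDSSSSSS=local@domain; DDD is the expiry day modulo 1000."""
    day = (today + LIFETIME_DAYS) % 1000
    return f"prvs={key_num}{day:03d}{_mac(key_num, day, address)}={address}"

def check(recipient, today):
    """Return (is_prvs, original_address, valid), like prvscheck with $prvscheck_result."""
    if not recipient.lower().startswith("prvs="):
        return False, recipient, False
    tag, sep, address = recipient[5:].partition("=")
    if not sep or len(tag) != 10 or not (tag.isascii() and tag[:4].isdigit()):
        return True, address, False
    key_num, day = int(tag[0]), int(tag[1:4])
    # The MAC covers the address byte for byte, so a case-folded local part fails.
    sig_ok = hmac.compare_digest(tag[4:], _mac(key_num, day, address))
    # The expiry day is stored modulo 1000, so the comparison is modular too.
    not_expired = (day - today) % 1000 <= LIFETIME_DAYS
    return True, address, sig_ok and not_expired

def rcpt_acl(sender, recipient, today):
    """Decide one RCPT; only bounces (empty envelope sender) are checked."""
    if sender != "":
        return "accept"
    is_prvs, address, valid = check(recipient, today)
    local_part = address.partition("@")[0]
    if not is_prvs:
        return "deny: unsigned" if local_part in BATV_USERS else "accept"
    return "accept" if valid else "deny: bad signature"
```
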