Hi, I'm trying to make an ACL condition which should check whether the
authenticated user is using email addresses out of an allowed list:
*pseudo acl code* in DATA ACL:
    deny
      message = "You are not allowed to use ($item) in Sender (Envelope,Sender,From) Address"
      authenticated = *
      !hosts = +relay_from_hosts
      condition =
        hisemaillist=lookup{authenticateduserid}lsearch{/etc/exim/email-per-user.txt}
        if not hisemaillist fail
        if h_sender not in list hisemaillist or
           h_from not in list hisemaillist or
           envelopefrom not in list hisemaillist
          fail
email-per-user.txt is a list like
    userid_used_for_authentification:email@address:email@???
Is this possible?
Another (not very related) ACL question:
In the DATA ACL:
I want to restrict email addresses used in the mail itself to be from an
authenticated user if it is something inside our own domains (because
some spam uses a forged From: address beside a correct envelope
address, like the address it is sending to as realname and email address,
so it shows up like some mail sent from you to you).
    deny
      message = "Need to authenticate to use ($item) in Sender (Sender,From,Reply-to) Addresses"
      condition = ${if or{{match_domain{${domain:$h_sender:}{+local_domains:+relay_to_domains}}}\
          {match_domain{${domain:$h_reply-to:}{+local_domains:+relay_to_domains}}}\
          {match_domain{${domain:$h_from:}{+local_domains:+relay_to_domains}}}\
          }{yes}{no}}
      !authenticated = *
      !hosts = +relay_from_hosts
Something is wrong, but I have no idea what. As an alternative I tried
    forany{<, $h_sender:,$h_reply-to:,$h_from:}\
    {match_domain{${domain:$item}}}{+local_domains:+relay_to_domains}{yes}{no}}
but for some curious reason exim doesn't know forany (maybe the
stable version of Debian exim, which is 4.63-17, doesn't know about forany).
Thank you for any input,
Felix
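
Added example, not part of Felix's post and not Exim configuration: a Python reference model of the first check (per-user allowed sender addresses), usable as a test oracle while an ACL for it is being developed. The `userid:address:address` file format follows the post; the function names, the sample data, case-insensitive address comparison and the handling of absent headers are assumptions.

```python
from email.utils import getaddresses

# Constructed sample data in the post's format: userid:address:address
SAMPLE_MAP = """\
felix:felix@example.org:webmaster@example.org
anna:anna@example.org
"""

def load_map(text):
    """Parse 'userid:addr1:addr2' lines into {userid: set of addresses}."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        userid, *addrs = [field.strip() for field in line.split(":")]
        table[userid] = {a.lower() for a in addrs if a}
    return table

def header_addresses(values):
    """Bare addresses from raw header values; display names are ignored.
    An entry that yields no address is kept as a marker so it is refused."""
    return [addr.lower() or "<unparseable>" for _name, addr in getaddresses(values)]

def check_sender(table, auth_id, envelope_from, headers):
    """Return (accepted, offending_address), mirroring the pseudo ACL."""
    allowed = table.get(auth_id)
    if not allowed:
        return (False, None)          # "if not hisemaillist fail"
    # An empty envelope sender is not in any list, so it is refused too.
    candidates = [envelope_from.lower() or "<>"]
    for name in ("sender", "from"):   # assumption: absent headers add nothing
        candidates += header_addresses(headers.get(name, []))
    for addr in candidates:
        if addr not in allowed:
            return (False, addr)      # the post's $item
    return (True, None)

if __name__ == "__main__":
    table = load_map(SAMPLE_MAP)
    print(check_sender(table, "felix", "felix@example.org",
                       {"from": ["Anna <anna@example.org>"]}))
```

The check compares the address part of each header only, so a display name that looks like another address does not affect the result.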