Hi Tony,
thank you very much for your help, after some fiddeling i was able to
use your scripts.
also i was able to write a second one, which checks if somebodies
envelope is outside our domains, but tries to forge an inside address in
the mailheader, which also works (using your template)
Here is the result of it, maybe somebody else could use it.
btw.: is there a possibility to make the error message more informativ
(eg. what address item was rejected) ?
# data ACL:
# if authenticated, check if envelope, sender, from,
# are within the allowed email addresses listed in email-per-user.txt
deny
message = "user $authenticated_id may not use sender address
$sender_address"
!condition = ${if forall \
{<, ${addresses:>, $sender_address},\
${addresses:>, $h_From:}, ${addresses:>, $h_Sender:} } \
{ match_address {$item}{${lookup {$authenticated_id} lsearch\
{/etc/exim4/email-per-user.txt} }} } }
authenticated = *
!hosts = +relay_from_hosts
# data ACL:
# if not authenticated or from relay hosts,
# check if mail header sender (Sender,Reply-To,From)
# are not in one of our or relayed domains
deny
message = "need to authenticate to use addresses from our domains"
condition= ${if forany \
{<, ${addresses:>, $h_From:},\
${addresses:>, $h_Sender:}, \
${addresses:>, $h_Reply-to:} } \
{ match_domain {${domain:$item}}{+local_domains:+relay_to_domains}} }
!authenticated = *
!hosts = +relay_from_hosts
Felix
