Tony Finch wrote:
> On Tue, 17 Jun 2008, Olaf Hopp wrote:
>> So I thought I must "somehow" modify my SA-ACL doing a "DENY" when
>> spamscore is above some treshold and final destination is not inhouse.
>>
>> I thought I could accomplish this via "address_data" set by my router,
>> which is handling remote deliveries and then asking within the data-acl
>> for the value of address_data, but it is always unset :-(
>
> Your idea is generally good. The problem is that address_data is not set
> in the data acl because its value is specific to a single address, but a
> message can have more than one recipient. What you need to do is decide
> how to deal with a message that is sent to multiple recipients some of
> which are delivered locally and some of which are forwarded. For example,
> you might decide to reject spam in this case, just like messages to one
> forwarding recipient. To implement this policy, you can set an acl_m
> variable in the rcpt acl if the address_data indicates the recipient is
> forwarded and leave it alone in other cases. Then check the acl_m variable
> in the data acl to see if it is set and reject the message if the spam
> score is too high. You can change the logic for setting the variable
> according to the ploicy you want.
Thanks Tony,
I was just about reading about the acl-variables when you answer arrived.
My solution is as follows:
rcpt_acl:
accept domains = +local_domains
endpass
message = Unknown user.
verify = recipient
set acl_m0 = $address_data
And the router handling remote deliveries:
lookuphost:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp_out
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
address_data = remote
The router doing local deliveries does not set address_data
Further in the data_acl
deny message = No relay of spam to foreign addresses
condition = ${if >{$spam_score_int}{50}{1}{0}}
condition = ${if def:acl_m0 {1}{0}}
I still have the (minor) problem as Tony pointed out to decide
what to to if there is at least one remote and one local delivery.
But this is a question of politics that technics :-)
Olaf
--
==============================================================================
__0
_-\<,_ Dipl.-Geophys. Olaf Hopp
(_)/ (_) ATIS - Abteilung Technische Infrastruktur
University of Karlsruhe EMail: Olaf.Hopp@???
Faculty of Computer Science WWW : http://www.atis.uni-karlsruhe.de
Building 50.34 Room-No. 009
Am Fasanengarten 5 Fon : +49 (721) 608-3973
D-76131 Karlsruhe / Germany Fax : +49 (721) 608-6699
==============================================================================
