Re: [exim] scanning at ACL using external program

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: Marcin Krol
CC: exim users
Subject: Re: [exim] scanning at ACL using external program
On 2008-12-10 at 17:49 +0100, Marcin Krol wrote:
> I also would like to implement selective greylisting, for mails that are
> "suspicious" (like when SA score is above SAtempreject in sa-exim), and
> this would be much easier to do with external script than implementing
> it all in Exim.


Indeed; I use such a program, the greylisting program from Debian,
written in Python and hacked around to run on my non-Linux system.

It uses a unix-domain socket for communications, I communicate with it
via the ${readsocket...} expansion.

Myself, the idea of letting each inbound mail, prior to filtering out
the spam, fork a process worries me. Exim goes to some lengths to
provide load limitation controls and forking new processes during the
earliest stages seems fraught with problems.

However, if I did want to do that, I'd use ${run...} as an expansion.
Carefully.

  defer   message       = $sender_host_address is not yet authorised to \
                          deliver mail from <$sender_address> to \
                          <$local_part@$domain>.  Please try later.
          log_message   = greylisted
[... various checks, including whitelisting on file and dnswl.org ...]
          domains       = +local_domains
          verify        = recipient
          condition     = ${readsocket{/var/run/greylistd/socket}\
                          {--grey \
                           $sender_host_address \
                           $sender_address \
                           $local_part@$domain}\
                          {5s}{}{false}}


-Phil