Autor: Fredrik Melander Data: Dla: exim-users Temat: [exim] Using external programs for certificate validation
Hi everyone,
On behalf of my employer I'm trying to port a script I used to parse
x509-certificates with Postfix to work with Exim. This is my very first
experience with Exim so bare with me if my questions come across as
stupid. I did briefly plough through "The Exim SMTP mail server" (Hazel)
and searched the archive, unfortunately without ending up that much
wiser (well, in this regard).
What I want to do is something along the following lines:
Let's say I have a daemon process in form of a python-script listening
on a certain port on my machine. Upon recieving a x509-certificate from
a remote machine Exim deligates this to my script, preferably over TCP
but if not possible also through a pipe or similar. My script will then
decide if the email be accepted or not.
With postfix I would simply have my daemon listening to a port of my
liking, say 5244, and then use a rule like:
...and so on... With Exim I've seen two options that I figure could do
something similar. First, the queryprogram router, and secondly the
run-command (in string expansions). The problems I see with these is
that my script gets started and stopped each time an email arrives
instead of remaining running as a daemon. Secondly, I haven't figured
out how to pass the appropriate arguments to them (with Postfix, for
example, I'd get a nice array with information about the client and it's
certificate "for free" without explicitly having to ask for it).
I'm afraid my limited experience with Exim kind of prevents me from
asking the right questions, but I'd be very happy for any suggestions in
the matter. Is my problem somewhat clear? Are there any other possible
ways of achieving this? Is it at all possible for Exim to call my script
over a TCP-port like stated above?