On Fri, Aug 21, 2009 at 03:25:57PM +0100, Alain Williams wrote:
> Brilliant - many thanks. I have tested it and it works.
>
> I had hoped to avoid an extra router, but if that is what it takes ...

Elegance is important for me too, but think of it this way. Any time
you cherry pick local parts out of a specific domain, you'll always
need a catch-all router at the end. You have a catch all now. It's
just that it rejects everything instead of accepting everything.

> As a matter of interest, in acl_check_rcpt: I did have (at one point) the
> following. Any comment as to if it is better/...
> I doubt that it will be significantly faster.
> One reason for not putting it in an ACL is that the decision of a
> user being acceptable is only in one place (the routers) and so better
> from a documentation point of view.

Remember that routers are also used to verify addresses. So, if you
create an ACL that does:

    deny !verify = recipient

Then you've accomplished the same thing while still using routers. I can't
remember off the top of my head if you'll need a "fail_verify" on your
catch-all (to tell the verify ACL statement to fail if the catch-all is
executed). The :fail: may make it work correctly anyway, but if not,
then you can add fail_verify to your schoolAdminFail router.

> # accept known users only:
> accept domains = some.school
>        recipients = lsearch;/etc/exim/admin_users
> # reject anything else:
> deny domains = some.school

If you were to use the above lines, you would still have to have your
routers in place and would also be duplicating logic that the "deny !verify
= recipient" would catch anyway.
--
Dean Brooks
dean@???
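
Added example, not part of the original message or the poster's configuration: a configuration fragment showing how the verify ACL and the two routers discussed above fit together, so the accept/reject decision lives only in the routers. The domain, the lookup file and the router name schoolAdminFail come from the thread; the router name schoolAdmin and the transport name local_delivery are assumptions, and fail_verify is included as the fallback the message mentions.

```exim
# Constructed fragment. some.school, /etc/exim/admin_users and schoolAdminFail
# are taken from the thread; schoolAdmin and local_delivery are assumed names.

begin acl

acl_check_rcpt:
  # Reject at RCPT time any some.school recipient the routers cannot verify.
  # No user list is repeated here: verification runs the routers below.
  deny    domains  = some.school
          !verify  = recipient
          message  = Unknown user

  # ... remaining RCPT checks for other domains go here ...

begin routers

# Accept only the local parts listed in the lookup file.
schoolAdmin:
  driver      = accept
  domains     = some.school
  local_parts = lsearch;/etc/exim/admin_users
  transport   = local_delivery

# Catch-all for the domain: any address that reaches this router is failed,
# both for delivery and when the ACL verifies a recipient.
schoolAdminFail:
  driver      = redirect
  domains     = some.school
  data        = :fail: Unknown user
  allow_fail
  fail_verify
```

Running exim -bv against one listed and one unlisted address at some.school shows the result the verify condition will act on.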