Re: [exim] Conditional Address Verification in ACLs

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Toby Bryans
Date:  
À: MarkdV
CC: exim-users
Sujet: Re: [exim] Conditional Address Verification in ACLs
On Wed, Sep 09, 2009 at 10:11:51pm +0200, MarkdV wrote:
> Toby Bryans wrote:
> > On Tue, Sep 08, 2009 at 10:54:00pm +0200, MarkdV wrote:
> >> Toby Bryans wrote:
>
> >
> > Yes. It works. My understanding is at the point where you do verify =
> > sender localpart and domain are the sender email address and my tests
> > have born that out, ie I can send mail from a valid address with that
> >
> > router acting as sender verification and I can't from a non-valid
> > address.
> >
> > Am I missing something obvious? You've got me concerned now as what you
> > say makes sense; I'll have to test it all again in case I missed
> > something!
>
> Maybe, then again maybe I am. You've got me second guessing now... :)
>
> So I'm going through the documentation with a find comb and I have found
> one small piece of info that might, maybe, suggest I'm a little bit
> wrong on this one. It's in Chapter 11. in de documentation for
> "$domain", where is says:
>
> "$domain is not normally set during the running of the MAIL ACL.
> However, if the sender address is verified with a callout during the
> MAIL ACL, the sender domain is placed in $domain during the expansions
> of hosts, interface, and port in the smtp transport."


It also appears that $local_part gets set in the MAIL ACL. As an example
with exim -bvs toby-exim@???:

14:13:59 4043 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
14:13:59 4043 Verifying toby-exim@???
14:13:59 4043 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
14:13:59 4043 Considering toby-exim@???
14:13:59 4043 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
14:13:59 4043 routing toby-exim@???
14:13:59 4043 --------> sender_vfry_ad router <--------
14:13:59 4043 local_part=toby-exim domain=bryans.org

... and I can confirm that this works with testing and that the
local_part and domain are both set at the mail acl even though I am not
doing call outs.

However, I am 99% sure that this won't work when I have to move (as I
may well haev to do) the sender verification into the RCPT ACL so thank
you for bringing that to my attention, I believe I can use
$sender_address in this case anyway.

> So, I'd double check if I where you. And if it turns out that you are
> right you may have discovered some undocumented behavior which I think
> would be very interesting to report back!


Absolutely! Here are the -d+all logs for an SMTP session with sender
verification:

14:17:22 4208 SMTP<< MAIL FROM:<toby-exim@???>
14:17:22 4208 using ACL "acl_check_mail"
14:17:22 4208 processing "require"
14:17:22 4208 check verify = sender
14:17:22 4208 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
14:17:22 4208 Verifying toby-exim@???
14:17:22 4208 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
14:17:22 4208 Considering toby-exim@???
14:17:22 4208 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
14:17:22 4208 routing toby-exim@???
14:17:22 4208 --------> sender_vfry_ad router <--------
14:17:22 4208 local_part=toby-exim domain=bryans.org

> I hope you figure out a solution that works for you.


I think I'm on the way!

Best,

--
Toby