Re: [exim] match local_domain with $sender_adresse_domain an…

Top Page

Reply to this message
Author: Phil Pennock
Date:  
To: Nerigal .
CC: exim-users
Subject: Re: [exim] match local_domain with $sender_adresse_domain and or ${domain:$h_From:}
On 2011-09-15 at 14:01 -0400, Nerigal . wrote:
> exim but I would know if it is possible to compare the domain in the
> $sender_adresse_domain and or ${domain:$h_From:} value with the owned in
> local_domain and reject email if it doesn’t match
>
> I tried something like
>
> condition = ${if
> !match{${domain:$h_From}}{${domain:+local_domains}}{yes}{no}}


${domain:...} takes an email address and turns it into a domain. It
does not distribute across lists, and +local_domains is typically a
domainlist, so only contains domains. So the second ${domain:...} here
should go.

Also, the ":" at the end of "$h_From:" is necessary.

> or
>
> condition = ${if
> !match{${domain:$sender_address_domain}}{${domain:+local_domains}}{yes}{no}}


$sender_address_domain == ${domain:$sender_address} so both
${domain:...} rules here should go.

Are these on the Router which handles the mail, or in an ACL on a deny
statement? I'm guessing that they're in an ACL.

  deny !hosts = 127.0.0.1
       condition = ${if !or{\
         {match_domain{${domain:$rh_From:}}{+local_domains}}\
         {match_domain{$sender_address_domain}{+local_domains}}\
         }}
       message = "Can only send from one of our local domains"


[WARNING: untested]

Note that I used $rh_From: -- the "r" for raw avoids MIME decoding,
which you don't care about because you're just taking the domain anyway.

> but I need
> this to work also for localhost 127.0.0.1 outgoing email


I parsed this to mean "exempt localhost from these checks". Thus the
"!hosts" part of the above example text.

If instead you mean "need this to work for locally submitted mail which
was not submitted with SMTP", then you might want to look at the
"acl_not_smtp" ACL hook. You define an ACL and then, earlier in the
configuration file, assign it to the "acl_not_smtp" hook in the main
configuration section.

Take a look at:
http://www.exim.org/exim-html-current/doc/html/spec_html/ch40.html#SECID190

-Phil