Re: [exim] Recipient verify only for non-authenticated users

Góra strony
Delete this message
Reply to this message
Autor: W B Hacker
Data:  
Dla: exim users
Temat: Re: [exim] Recipient verify only for non-authenticated users
Colin wrote:
>
> On 27/10/2011 10:40, Graeme Fowler wrote:
>> On Thu, 2011-10-27 at 10:29 +0100, Colin wrote:
>>> Regardless of what the warn should or should not do, it is in fact the
>>> cause. When that is above the auth line things fail. When it is below,
>>> it succeeds. When I change it to verify = recipient/defer_ok/callout =
>>> ... then it also succeeds. There are no flags being set by that part of
>>> the ACL, it is as I copied it.
>> It's the use of the "require" verb. From the docs:
>>
>>> If all the conditions are met, control is passed to the next ACL
>>> statement. If any of the conditions are not met, the ACL returns
>>> “deny”
>> You'll find that in Ch40:
>>
>> http://www.exim.org/exim-html-current/doc/html/spec_html/ch40.html
>>
>> Graeme
>>
>>
> Hi Graeme, thanks for the reply,
> I am unsure that I follow it completely. In my understanding, the
> require verify should only apply if the condition is met.


Not so. The ONLY condition that applies to that 'require' is the one
immediately following it on its OWN line...


>
> How it should behave:
> If recipient domain is in /etc/staticroutes then do a recipient callout
> verification. If the verification fails with a permenant error, reject
> message. If the verification fails with a temporary error, accept and
> queue for retry.
>
> No recipient verification callouts should occur if the recipient is not
> in /etc/staticroutes (ie the condition is not matched).
>
> This is not what happens because recipient verification callouts are
> happening (and failing) on domains not in /etc/staticroutes.
>
> Regards,
> Colin
>


Re-write it this way (fix MUA line-wrap!):

=====

deny

## do a check for presence in static routes file

condition  =  ${if eq {1}{${lookup{$domain}lsearch \
        {/etc/staticroutes}{1}{0}}}}


## .. carry-on if found, bail-out if not found

!condition = verify recipient/callout=30s,defer_ok,use_sender

## having arrived here IF found in the static routes file...
## attempt recipient verification by callout
## trigger the 'deny' entry verb if callout FAILS
## ( the '!condition' of success)

=====

Bill

--
韓家標