Autor: W B Hacker Data: A: exim users Assumpte: Re: [exim] If user authenticated and domain local check valid
recipient
Ron White wrote: > I'm struggling with a bit of a logical problem and I want to make sure I
> approach it the right way.
>
> Currently I'm putting together a back up relay/server that will host
> about six low use domains.
>
> I've managed to get it up and working in skeleton form - it accepts mail
> for valid recipients, it authenticates, it kicks out hackers etc but
> I've hit a problem in my logic.
>
> If an external connection comes in trying to deliver mail to one of the
> hosted domains, the rcpt acl checks to see if the user is valid against
> MySQL and it all works as it should. Invalid recipients are kicked with
> a 550.
>
> However, if an authenticated user tries to send mail to a domain that
> happens to be hosted on the same server, but the rcpt is invalid, it
> accepts the mail because there is no condition set on:
>
> accept authenticated = *
>
> Initially I thought 'Just check for valid recipients before checking
> accepting the auth, but that would break things for remote domains
> (don't want to start using callouts).
>
> So I'm looking for a way in pseudo code:
>
> if client is authenticated AND
> domain is not hosted locally
> accept
>
> AND
>
> if client is authenticated AND
> domain IS hosted locally AND
> recipient is NOT valid
> drop with 550 no such user
>
> WITHOUT affecting the ACL for clients that are NOT authenticated.
>
> Just not sure of the best way to do this, or if I can use a couple of
> conditions in an accept stanza.
>
> Any pointers or thoughts gratefully received.
>
> Warm regards
> Ron
>
I have long done a similar test in SQL, but ... I dont' try to do ANY
accept/reject in that test.
What it does instead is to use a 'warn' class verb to set a flag in an
acl_m variable.
That flag is then available for several subsequent tests.
May not be as elegant or efficient as single-clause handling, but it
certainly makes further complexities simpler - and their debugging,
modification, and maintenance.