Auteur: soumya tr Datum: Aan: exim-users@exim.org Onderwerp: Re: [exim] Blacklisting users from sending out mails.
Hi Odhiambo,
Let me give you a brief context:
Its a cpanel server. I was using the above given conditions under
acl_smtp_data. I was trying to automate it by adding the content in the
file /etc/exim.conf.local [the data in file /etc/exim.conf.local is apended
to /etc/exim.conf, when /scripts/buildeximconf is run].
What I added was :
-----------
acl_smtp_datacustom:
# Deny Messages if they are not from local_domains (Spoof prevention)
discard message = Message denied - From address spoofing attempt detected
! condition = ${if match{$h_from:}{$primary_hostname} {true}{false}}
! condition = ${if eq{${sg{${extract{2}{@}{$h_from:}}}{>|
.*}{}}}{${lookup{${sg{${extract{2}{@}{$h_from:}}}{>|
.*}{}}}lsearch{/etc/localdomains}{${sg{${extract{2}{@}{$h_from:}}}{>|
.*}{}}}{false}}}}
! condition = ${if eq{${sg{${extract{2}{@}{$h_from:}}}{>|
.*}{}}}{${lookup{${sg{${extract{2}{@}{$h_from:}}}{>|
.*}{}}}lsearch{/etc/remotedomains}{${sg{${extract{2}{@}{$h_from:}}}{>|
.*}{}}}{false}}}}
! condition = ${if eq{${sg{${extract{2}{@}{$h_to:}}}{>|
.*}{}}}{${lookup{${sg{${extract{2}{@}{$h_to:}}}{>|
.*}{}}}lsearch{/etc/localdomains}{${sg{${extract{2}{@}{$h_to:}}}{>|
.*}{}}}{false}}}}
! condition = ${if eq{${sg{${extract{2}{@}{$h_to:}}}{>|
.*}{}}}{${lookup{${sg{${extract{2}{@}{$h_to:}}}{>|
.*}{}}}lsearch{/etc/remotedomains}{${sg{${extract{2}{@}{$h_to:}}}{>|
.*}{}}}{false}}}}
...
...
acl_smtp_data = acl_smtp_datacustom
-----------
The issue with this is, only the checks/conditions under
'acl_smtp_datacustom:' will be checked. The default 'acl_smtp_data:' has
many other important checks/conditions.
Another approach is to just append all the default checks/conditions to the
file /etc/exim.conf.local, which is around 100+ lines of code and is
difficult to manage.
I tried to add the above acl condition under 'acl_smtp_predata:', but it
didn't work as expected, because header lines added by MAIL or RCPT ACLs
are not visible at 'acl_smtp_predata:', but is visible at acl_smtp_data
level :(
Is there any other acl where I can add the above given condition and make
it work? And as the ACL approach was not working as my requirement, I
thought of adding it under router.
Also, as per my understanding the flow of acl calls is like: