Re: [exim] Different auth validation fore relay and local do…

Author: Phillip Carroll
Date:  
To: exim-users
Subject: Re: [exim] Different auth validation fore relay and local domains
On 12/17/2014 4:23 PM, Bertrand Cherrier wrote:
> Greetings,
>
> I’m in need of help!
>
> My goal is to validate sender domain with auth domain for relay enabled domains (usually only one account is used for these users)
> And also to validate sender address with auth address for local virtual domains
>
> I thought I could do it this way :
>
>    deny
>          domains         = +relay_domains
>          authenticated   = *
>          condition       = ${if eq{$sender_address_domain}{${domain:$authenticated_id}}{no}{yes}}
>          message         = domaine authentifié et domaine mail non identiques
>          log_message     = DENY RELAY : $sender_address_domain is not equal to {domain:$authenticated_id}

>
>    deny
>          domains         = +local_domains
>          authenticated   = *
>          condition       = ${if eq{$sender_address}{$authenticated_id}{no}{yes}}
>          message         = adresse authentifiée et adresse mail non identiques
>          log_message     = DENY : $sender_address is not equal to $authenticated_id

>


In exim manual Chapter 11.6:

   ${domain:<string>}
      The string is interpreted as an RFC 2822 address and the domain is
      extracted from it. If the string does not parse successfully, the
      result is empty.


$authenticated_id is a login ID representation, whose value is dependent
on server_set_id setting in the authenticator, which your query does not
show. In general, the value of this id is NOT an RFC 2822 address. If it
isn't, ${domain:$authenticated_id} will expand to the empty string,
which will not match $sender_address_domain, and likewise
$sender_address will not match $authenticated_id.

> But if it passes the first (relay domain) it gets rejected by the second :(
> Obviously it doesn’t care about the domains = directive and does exactly the same if I comment out authenticated
>
> I must have missed something and/or I just don’t get how the domains directive works
> Can someone please explain it to me and point me in the right direction ?
>
> Thank you
>
>   <https://www.mls.nc/>             Bertrand Cherrier, Administrateur Systèmes
>     b.cherrier@??? <mailto:b.cherrier@micrologic.nc>             www.mls.nc <https://www.mls.nc/>    
>     @micrologicnc <http://twitter.com/micrologicnc>             Sur facebook <https://www.facebook.com/mls.nc>
> Téléphone: 24 99 24
> VoIP: 65 24 99 24
> Service Clientèle: 36 67 76 (58F/min)

>
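
Added example, not part of either message above and not taken from the Exim distribution: an ACL fragment that makes the empty-expansion case described in the reply visible in the log and refuses it under its own reason before the domain comparison runs. It assumes the rules sit in an ACL where $sender_address_domain is already set (MAIL or later), leaves the poster's `domains` conditions out, and uses constructed message texts.

```exim
# Constructed ACL fragment (illustration only).

  # 1. Record what the authenticator actually stored via server_set_id,
  #    and what ${domain:...} makes of it. An empty second field means
  #    the login ID did not parse as an RFC 2822 address.
  warn
        authenticated = *
        log_message   = AUTH id=<$authenticated_id> \
                        id_domain=<${domain:$authenticated_id}>

  # 2. Login ID is not an address: there is no domain to compare against.
  #    Refuse with a distinct reason so the log does not show this as an
  #    ordinary sender/login mismatch.
  deny
        authenticated = *
        condition     = ${if eq{${domain:$authenticated_id}}{}}
        message       = authenticated ID is not a mail address
        log_message   = DENY: no domain derivable from <$authenticated_id>

  # 3. Login ID parsed as an address: compare its domain with the
  #    envelope sender domain, ignoring case.
  deny
        authenticated = *
        condition     = ${if !eqi{$sender_address_domain}\
                                 {${domain:$authenticated_id}}}
        message       = authenticated domain and sender domain differ
        log_message   = DENY: $sender_address_domain is not \
                        ${domain:$authenticated_id}
```

If the log line from step 1 shows an empty id_domain for normal logins, the value set by server_set_id in the authenticator is a bare login name, and the comparison in step 3 can never succeed until that setting or the login format changes.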