Re: [exim] different acl data malware settings per recipient…

Author: maciej jackowski
Date:  
To: exim-users
Subject: Re: [exim] different acl data malware settings per recipient domain?
On 06.03.2016 at 22:47, Heiko Schlittermann wrote:
> maciej jackowski <maciej.jackowski@???> (Sun 06 Mar 2016 21:29:01 CET):
>> Is it possible to run or skip malware scan
>> for specific recipient domains?
>>
>> For example set check condition in ACL DATA via MySQL lookup
> Yes, if you manage to "single out" the domains or if you rely on PRDR.
>
> (Though I'm not sure how to do it using PRDR. And I'm not sure if PRDR
> is portable yet, as probably not many MTAs connecting to your server
> have support for PRDR).
>
>      MAIL FROM: xxx
>      < OK
>      RCPT TO: xxx1
>      < OK
>      RCPT TO: xxx2
>      < OK
>      DATA
>      …
>      < OK -- implicit OK for all recipients
>
> But you can do it as e.g. google does it. Reject the RCPT if it's not
> the same domain as the first recipient. Then, as soon as you reach the
> DATA ACL you're sure that it's one domain only and you can do/skip the
> malware scan depending on the domain. The other domain(s) have
> to retry.
>
> DRAFT, not tested!
>
>      # somewhere in your rcpt acl
>
>      warn condition = ${if !def:acl_m_domain}
>           set acl_m_domain = $domain
>
>      defer !domains = $acl_m_domain
>
>
>      # somewhere in your data acl
>
>          deny    !domains = lsearch;$config_dir/skip_scan
>                   malware = *
>
> DRAFT, not tested!
>
>      Best regards from Dresden/Germany
>      Many greetings from Dresden
>      Heiko Schlittermann
>

Thanks for your suggestions

From what I read, PRDR could be the right solution, but it is not widely
used :(

I wonder how I can test ACL DATA from the command line?

I am thinking about testing your DRAFT code with a test list of domains

defer domains = testdomain : testdomain2
    !domains = $acl_m_domain


so I can see how it works with real data.
Is it a safe condition for testing?

I assume this code should go at the top of the RCPT ACL,
right after the
accept authenticated rule?

regards
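
A small Python model of the RCPT/DATA logic discussed in this message, added here as an illustration (it is not Exim code and not from either poster): it compares the quoted draft with the test-list variant and reports which recipients are deferred and whether the message is scanned. It assumes the DATA decision is keyed on the pinned first domain (`acl_m_domain`); the function names and sample addresses are constructed.

```python
# Toy model of the RCPT/DATA ACL logic (not Exim code; all names are hypothetical).

def run_transaction(rcpts, skip_scan, test_domains=None):
    """Model one MAIL transaction.

    rcpts        -- recipient addresses in RCPT TO order
    skip_scan    -- domains whose mail is not scanned (the skip_scan file)
    test_domains -- None models the draft's  defer !domains = $acl_m_domain;
                    a set models the variant that first requires
                    domains = testdomain : testdomain2
    Returns (per-recipient replies, scanned?, accepted domains).
    """
    acl_m_domain = None          # acl_m_* variables start unset for each message
    replies, accepted = [], []
    for rcpt in rcpts:
        domain = rcpt.rsplit("@", 1)[1].lower()
        if acl_m_domain is None:             # warn ... set acl_m_domain = $domain
            acl_m_domain = domain
        # Conditions in one ACL statement are ANDed, in order.
        in_scope = test_domains is None or domain in test_domains
        if in_scope and domain != acl_m_domain:
            replies.append((rcpt, "451 defer"))   # sender retries this one later
        else:
            replies.append((rcpt, "250 OK"))
            accepted.append(domain)
    # DATA ACL: assumed to key the decision on the pinned domain.
    scanned = acl_m_domain not in skip_scan
    return replies, scanned, sorted(set(accepted))


def unscanned_leak(rcpts, skip_scan, test_domains=None):
    """Domains that wanted scanning but share a transaction that skips it."""
    _, scanned, accepted = run_transaction(rcpts, skip_scan, test_domains)
    return [] if scanned else [d for d in accepted if d not in skip_scan]


if __name__ == "__main__":
    skip = {"testdomain"}                        # constructed sample data
    mixed = ["a@testdomain", "b@example.org"]    # constructed sample data
    print(run_transaction(mixed, skip))                       # full draft
    print(run_transaction(mixed, skip, {"testdomain", "testdomain2"}))
    print(unscanned_leak(mixed, skip, {"testdomain", "testdomain2"}))
```

In this model the unrestricted draft defers `b@example.org`, while the test-list variant accepts it into a transaction pinned to `testdomain`, so a skip decision made for `testdomain` would also cover that recipient.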