[exim] compound acl

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Tim Clarke
Dátum:  
Címzett: EXIM-USERS
Tárgy: [exim] compound acl
Hi

I have a fairly complex exim acl arrangement that will black/grey/white
list incoming emails, but also allows the checking to be sidsetepped
when a specific 'long' receiver-name is used by the sender, eg
timxyz28965 (which is aliased to my real name - as per his email!).
This has been working very well, but I noticed the other day that
someone to who I had provided the special address must have had their
'outlook' address list harvested, as I received an email to the
special-name purporting to come from someone in Russia claiming to have
met me and enclosing an attachment (the email actually came via
aliceposta.it)

I am thinking of dealing with this potential ongoing issue by adding to
my acl something like this:

accept local_parts = ^timxyz28\\d{3}
        set acl_m7  = ${readsocket{/tmp/mail_check} \
                      {$sender_address%}{5s}{}{X}}
        condition   = ${if eq {$acl_m7}{Y}{true}{false}}


On the basis that:
1) readsocket will only run if local_parts true
2) the condition is checked only if local_parts is true
3) accept will only happen if the condition is true

The mechanism behind it (/tmp/mail_check) consults an external cobol
database
that contains a list of unacceptable users and domains and returns N if
not to be accepted (found) , or Y if not found in the database.

I think the order of the subsidiary statements is correct, but my
knowledge of how exim deals with acl statements is somewhat empirical.

I wonder if the following compound condition would work?:
accept local_parts = ^timxyz28\\d{3}
condition = ${if eq
${readsocket{/tmp/mail_check{$sender_address%}{5s}{}{X}}\
{Y}{true}{false}}

Any comments/suggestions welcome

thanks
Tim Clarke

ps: no spell-checking on this so forgive my rubbish typing