Re: [exim] Selecting rewriting flags based on a condition

Top Page
Delete this message
Reply to this message
Author: Mike Brudenell
Date:  
To: Exim Users
Subject: Re: [exim] Selecting rewriting flags based on a condition
On 11 January 2018 at 21:37, Jeremy Harris <jgh@???> wrote:

> On 11/01/18 17:53, Mike Brudenell via Exim-users wrote:
> > I'd like to rewrite both Envelope and header addresses if the connection
> is
> > from an on-site IP address, but only the Envelope otherwise.
>
> Since you have adopted the Mortal Sin (per Chapter 31, Section 1)...
>


Yup, terrible isn't it… :-)

I've given up trying to get people to use our one true "Do Not Reply" email
address, them ignoring me, then complaining because their messages don't
get through because the sender address isn't valid. So the most common
variants are being rewritten. 😭 (I'd therefore argue this is actually a
venial sin, not a mortal one.)



> Two separate rewrite rules; for E and h. Make the latter have a pattern
> which expands to something that will only match for an on-site source;
> never for off-site.
>


Ah-ha! I should have thought to split it into two rules!

I wasn't sure I could think of a pattern that only matches on-site sources
though; potentially an external sender could set/forge anything. So what
I've done instead is have two rules with identical patterns: the first
rewrites Eh and the second E only.

The cunning bit is putting the conditional test in the first rule and have
it either expand to the replacement value or *fail*. If the expansion *fail*s
no rewriting is done, it passes on to the second rule, which matches and
unconditionally rewrites (but only the envelope).

#       Rewrite incorrect forms of our <do-not-reply@???> address,
but only for
#       locally originated messages.
\N^(?i)(?:donotreply|do_not_reply|no-?reply)@york\.ac\.uk$\N    \
        "${if or{ \
                 {def:authenticated_id} \
                 {! def:sender_host_address} \
                 {match_ip {$sender_host_address} {CAMPUS_IP_ADDRS}} \
               } \
             {do-not-reply@???} \
             fail}"     \
        Eh


\N^(?i)(?:donotreply|do_not_reply|no-?reply)@york\.ac\.uk$\N
do-not-reply@???         E


Thanks, Jeremy, for the clue as to the two-rule direction!
Mike B-)

--
Systems Administrator & Change Manager
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811

Web: www.york.ac.uk/it-services
Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm