Re: [exim] Local / Non SMTP Connections Bypassing ACLs

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Andrew C Aitchison
Data:  
Para: Brian Spraker
CC: exim-users
Assunto: Re: [exim] Local / Non SMTP Connections Bypassing ACLs

On Thu, 1 Mar 2018, Brian Spraker via Exim-users wrote:
> I can use the typical SpamAssassin checks in here without needing exiscan?


On Thursday, March 1, 2018, 3:17:27 PM CST, Ian Zimmerman via Exim-users <exim-users@???> wrote:
IZ> acl_not_smtp

IZ>
IZ> The spec says: (Section 43.3)

IZ>
IZ> The acl_not_smtp ACL is run just before the local_scan() function.

IZ>
IZ> I take that to mean that you can do anything there that you can do in
IZ> acl_smtp_data, provided of course you don't refer to SMTP specific items.


On 2018-03-01 19:51, Brian Spraker wrote:
BS> Thank you Ian.  Went through and had to do quite a bit of removal
BS> of some ACLs for that to work.  the acl_not_smtp cannot check for
BS> authentication (duh..), cannot check receipients (which is odd?),
BS> and can't check for invalid local_parts (which is odd?).  Unless
BS> there is another acl_not_smtp ACL where that data needs checked.
BS> The acl_not_smtp ACL I ended with will add a message ID (if one
BS> doesn't exist), check for mime defects, file
BS> extensions/attachments, malware, odd symbols (chinese symbols,
BS> NUL, etc), and do the SpamAssassin checking.
BS> At the end of the day, that was the primary goal and it is all good.


Section 43.3
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html#SECTaclconditions
also mentions acl_not_smtp_start (see the restriction on
rejecting messages) and, if suitably compiled, acl_not_smtp_mime.