Re: [exim] Local / Non SMTP Connections Bypassing ACLs

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Jasen Betts
Data:  
Para: exim-users
Assunto: Re: [exim] Local / Non SMTP Connections Bypassing ACLs
On 2018-03-01, Brian Spraker via Exim-users <exim-users@???> wrote:
>
>
>     On Thursday, March 1, 2018, 3:17:27 PM CST, Ian Zimmerman via Exim-users <exim-users@???> wrote:  

>
> On 2018-03-01 19:51, Brian Spraker wrote:
>
>>> acl_not_smtp
>
>> I can use the typical SpamAssassin checks in here without needing exiscan?
>
> The spec says: (Section 43.3)
>
> The acl_not_smtp ACL is run just before the local_scan() function.
>
> I take that to mean that you can do anything there that you can do in
> acl_smtp_data, provided of course you don't refer to SMTP specific items.
> Thank you Ian.  Went through and had to do quite a bit of removal of
> some ACLs for that to work.  the acl_not_smtp cannot check for
> authentication (duh..),


> cannot check receipients (which is odd?)


you have $recipients, you can loop over that list using forall or
forany if you need to

eg:
condition = ${if forall{<, $recipients}{acl {nonsmtp_rcpt_check}{$item}}}

I'm not certain that $recipients is an exim list, so this will fail if
any of the email addresses contain commas.

The SMTP ACLs follow the progress of the SMTP (or LMTP) transaction,
the nonsmtp ACL covers the case where there is no transaction and the
email is submitted in a single action.

--
This email has not been checked by half-arsed antivirus software