Gitweb:
https://git.exim.org/exim.git/commitdiff/b220576b3ba5396af6b3e0f45739f269079f8fc5
Commit: b220576b3ba5396af6b3e0f45739f269079f8fc5
Parent: 6db8b72c861b99114bdcb9188abfe20bc77e67d2
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Sat Jan 12 20:47:23 2019 +0000
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Sat Jan 12 20:47:23 2019 +0000
Add basic framework for PRDR use with per-user content filters to example config.
Mostly commented-out and with dummy lookups since we do not know what sorts
of filtering may be employed.
---
src/src/configure.default | 49 +++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 47 insertions(+), 2 deletions(-)
diff --git a/src/src/configure.default b/src/src/configure.default
index c053466..838926f 100644
--- a/src/src/configure.default
+++ b/src/src/configure.default
@@ -107,8 +107,9 @@ hostlist relay_from_hosts = localhost
# manual for details. The lists above are used in the access control lists for
# checking incoming messages. The names of these ACLs are defined here:
-acl_smtp_rcpt = acl_check_rcpt
-acl_smtp_data = acl_check_data
+acl_smtp_rcpt = acl_check_rcpt
+acl_smtp_data_prdr = acl_check_prdr
+acl_smtp_data = acl_check_data
# You should not change those settings until you understand how ACLs work.
@@ -504,12 +505,43 @@ acl_check_rcpt:
# require verify = csa
#############################################################################
+ #############################################################################
+ # If doing per-user content filtering then recipients with filters different
+ # to the first recipient must be deferred unless the sender talks PRDR.
+ #
+ # defer !condition = $prdr_requested
+ # condition = ${if > {0}{$receipients_count}}
+ # condition = ${if !eq {$acl_m_content_filter} \
+ # {${lookup PER_RCPT_CONTENT_FILTER}}}
+ # warn !condition = $prdr_requested
+ # condition = ${if > {0}{$receipients_count}}
+ # set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER}
+ #############################################################################
+
# At this point, the address has passed all the checks that have been
# configured, so we accept it unconditionally.
accept
+# This ACL is used once per recipient, for multi-recipient messages, if
+# we advertised PRDR. It can be used to perform receipient-dependent
+# header- and body- based filtering and rejections.
+# We set a variable to record that PRDR was active used, so that checking
+# in the data ACL can be skipped.
+
+acl_check_prdr:
+ warn set acl_m_did_prdr = y
+
+ #############################################################################
+ # do lookup on filtering, with $local_part@$domain, deny on filter match
+ #
+ # deny set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER}
+ # condition = ...
+ #############################################################################
+
+ accept
+
# This ACL is used after the contents of a message have been received. This
# is the ACL in which you can test a message's headers or body, and in
# particular, this is where you can invoke external virus or spam scanners.
@@ -549,6 +581,19 @@ acl_check_data:
# X-Spam_bar: $spam_bar\n\
# X-Spam_report: $spam_report
+ #############################################################################
+ # No more tests if PRDR was actively used.
+ # accept condition = ${if def:acl_m_did_prdr}
+ #
+ # To get here, all message recipients must have identical per-user
+ # content filtering (enforced by RCPT ACL). Do lookup for filter
+ # and deny on match.
+ #
+ # deny set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER}
+ # condition = ...
+ #############################################################################
+
+
# Accept the message.
accept