Differences between revisions 1 and 7 (spanning 6 versions)
Revision 1 as of 2004-03-11 03:41:28
Size: 2151
Comment:
Revision 7 as of 2008-02-19 15:39:16
Size: 1772
Editor: localhost
Comment: converted to 1.6 markup
Line 6: Line 6:
You need to add things to three different ACLs; the one used on MAIL FROM, the one used on RCPT TO, and the one used on DATA. The general idea is that on "MAIL TO", we set an ACL variable specific for this message to "yes", if we get a RCPT TO someone who wants the check turned off then we set the variable to "no", and finally in DATA we use the variable as a condition about whether to apply the check or not. You need to add things to two different ACLs; the one used on RCPT TO, and the one used on DATA. The general idea is that we use a variable that gets reset for each message, and if we get a RCPT TO someone who wants the check turned off then we set the variable to "no" (it doesn't actually matter what value we pick), and finally in DATA we use whether the variable is set or not as a condition about whether to apply the check or not.
Line 8: Line 8:
So, first in the MAIL FROM ACL (the one chosen by the setting acl_smtp_mail), add the following at the top. The "warn" condition doesn't do anything but set the variable, because there's no "message" line in it.
{{{
  warn set acl_m0 = yes
  accept
}}}

Next, in the RCPT TO ACL, add the following at the top:
In the RCPT TO ACL, add the following at the top:
Line 22: Line 16:
  deny condition = $acl_m0   deny condition = ${if def:acl_m0{no}{yes}}
Line 27: Line 21:
If you have several different checks you want to perform, then repeat this lot using a new ACL variable. You from $acl_m0 to $acl_m9 to play with.

We could probably do without the MAIL FROM ACL item, because the acl_m? variables get reset for each new message; it'd just make the condition in the DATA ACL a bit more complicated.
If you have several different checks you want to perform, then repeat this lot using a new ACL variable. You have from $acl_m0 to $acl_m9 to play with.
----
CategoryComputingTips
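
Review bot: The new DATA condition at "Line 22: Line 16:", `${if def:acl_m0{no}{yes}}`, tests only whether acl_m0 is non-empty, so the revised paragraph's "it doesn't actually matter what value we pick" needs the qualifier "as long as it is not the empty string". With the MAIL FROM `set acl_m0 = yes` block removed, the check also depends on nothing else in the configuration setting acl_m0 during the same message; a sentence saying that acl_m0 must be reserved for this check would make that explicit.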

Suppose you want to reject certain emails at SMTP time based on some aspect of their content, but some of your users object to this policy. Ideally, you would let the emails through to just those users, but in general this isn't possible. A message may come with multiple RCPT TOs, some for recipients who want to receive it and some for recipients who don't. You can only reject individual recipients (as opposed to the whole message) at RCPT TO time, not after the DATA is received, and until DATA you don't know whether the content is nasty or not.

One possible option is to only reject the email if *every* recipient has agreed to the content filtering. Here's one way of doing this in Exim 4:

You need to add things to two different ACLs: the one used on RCPT TO, and the one used on DATA. The general idea is that we use a variable that gets reset for each message. If we get a RCPT TO for someone who wants the check turned off, we set the variable to "no" (it doesn't actually matter what value we pick). Finally, in DATA, we use whether the variable is set or not as the condition for applying the check.

In the RCPT TO ACL, add the following at the top:

  warn    recipients = iwantviruses@yourdomain:ialsowantviruses@yourdomain
          set acl_m0 = no

Finally, in the DATA ACL, add the following before any accept lines (this check obviously isn't a serious one; it's just an example):

  deny    condition = ${if def:acl_m0{no}{yes}}
          condition = ${if def:header_x-nastyevilvirus:{yes}{no}}
          message = nasty evil virus

If you have several different checks you want to perform, then repeat this lot using a new ACL variable. You have from $acl_m0 to $acl_m9 to play with.
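
To see what this policy does for mixed recipient lists, here is a small Python model of the two ACL fragments above. It is an added example, not part of the original page and not Exim code; the class, function names and the address alice@yourdomain are made up for illustration, and the return strings are constructed.

```python
# Model of the RCPT and DATA ACL fragments (illustrative names, not Exim code).
# Addresses from the page's "recipients =" line; matched exactly for simplicity.
OPT_OUT = {"iwantviruses@yourdomain", "ialsowantviruses@yourdomain"}


class Message:
    """One SMTP message; acl_m0 starts out unset for every new message."""

    def __init__(self):
        self.acl_m0 = ""  # def: treats unset and empty alike
        self.recipients = []

    def rcpt_to(self, address):
        # RCPT ACL: warn recipients = <opt-out list> / set acl_m0 = no
        if address in OPT_OUT:
            self.acl_m0 = "no"
        self.recipients.append(address)

    def data(self, headers):
        # DATA ACL, first condition: ${if def:acl_m0{no}{yes}}
        everyone_opted_in = self.acl_m0 == ""
        # DATA ACL, second condition: ${if def:header_x-nastyevilvirus:{yes}{no}}
        nasty = "x-nastyevilvirus" in headers
        if everyone_opted_in and nasty:
            return "deny: nasty evil virus"
        return "accept"


def run(recipients, headers):
    """Play one message through both ACLs; headers uses lower-case names."""
    msg = Message()
    for address in recipients:
        msg.rcpt_to(address)
    return msg.data(headers)


def unfiltered_deliveries(recipients, headers):
    """Recipients who wanted the check but get a flagged message anyway."""
    flagged = "x-nastyevilvirus" in headers
    if flagged and run(recipients, headers) == "accept":
        return [r for r in recipients if r not in OPT_OUT]
    return []
```

The second function shows the cost of the approach: anyone who shares a message with an opted-out recipient receives it unchecked.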



TheEarthWiki: EximIntersectionACLs (last edited 2008-02-19 15:39:16 by localhost)