hi all, i'm migrating from a global DNSBL check to a per-user-specified list capability.
in summary, i've 3 questions:
(1) when in the mail transaction is each Exim variable FIRST available/defined?
(2) what is the order of execution of acls?
(3) how can i do BOTH an acl_connect default/global DNSBL check, and a later acl_rcpt per-user spec?
the rather lengthy details/context leading up to these questions follows below ... perhaps they'll help another, as well =)
if you've got a few minutes, shared wisdom is, as always, appreciated!
thx!
richard
========================================
1st, defining my DNSBL check in an aux acl:
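aux_check_dnsbl:
  # dnslists is tested before "set" so that $dnslist_domain and
  # $dnslist_text are already filled in when acl_m9 is expanded
  deny  dnslists    = MY_RBLS
        set acl_m9  = REJECTED[dnsbl] - \
                      BLACKLISTED:[$sender_host_address] \
                      @ $dnslist_domain ${if def:dnslist_text \
                      {(\n$dnslist_text)}}
        message     = $acl_m9
        log_message = LOG_HDR: $acl_m9
  accept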
i started with:
(1) a global list of RBLs,
MY_RBLS = sbl-xbl.spamhaus.org : relays.ordb.org : relays.mail-abuse.org : \
          list.dsbl.org
...
acl_smtp_connect:
require acl = aux_check_dnsbl
works great.
(2) then adding an external per-user list of RBLs, with a fixed recipient
% cat LISTS/domains.dnsbls
[EMAIL PROTECTED] list.dsbl.org
[EMAIL PROTECTED] relays.ordb.org
* sbl-xbl.spamhaus.org : relays.ordb.org : relays.mail-abuse.org : list.dsbl.org
testing a lookup with:
% exim -be '${lookup\
[EMAIL PROTECTED]
[EMAIL PROTECTED]
{LISTS/domains.dnsbls}\
}'
returns, as expected:
relays.ordb.org
and, then,
MY_RBLS = ${lookup\
[EMAIL PROTECTED]
[EMAIL PROTECTED]
{LISTS/domains.dnsbls}\
}
...
acl_smtp_connect:
require acl = aux_check_dnsbl
ALSO works as expected ...
(3) finally, moving to a looked-up recipient
MY_RBLS = ${lookup\
{${lc:[EMAIL PROTECTED]
[EMAIL PROTECTED]
{LISTS/domains.dnsbls}\
}
...
acl_smtp_connect:
require acl = aux_check_dnsbl
unfortunately, kept checking against the lsearch fallthrough key="*", resulting
in the assigned RBL list of:
sbl-xbl.spamhaus.org : relays.ordb.org : relays.mail-abuse.org : list.dsbl.org
it, unfortunately, took a while for it to dawn on me that: $local_part and $domain are not yet available in the "connect" acl ... and that I have to move to a later ACL.
since i've defined/use policy of:
acl_smtp_connect = acl_check_connect
acl_smtp_helo = acl_check_helo
acl_smtp_mail = acl_check_mail_from
acl_smtp_mime = acl_check_mime
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
acls, i'm fairly certain that including & after acl_smtp_rcpt i'm ok ...
so, yup. a huge waste of time. i probably shoulda known better. ESPECIALLY
for something like user identity. ANYWAY, i learned some lessons i won't
forget.
that said, i've a couple of questions:
(1) does a good reference table exist somewhere amidst all these mountains of documentation that defines WHEN in the transaction each Exim variable is FIRST available/defined
(2) is there a statement/definition of the order of execution of acls? i've found a number of messages that admit "it's sometimes hard to understand/remember", but haven't (yet) found something definitive ...
(3) the above example started with a global DNSBL check early, in _connect ACL, presuming that it's a high-value check that trades exim condition/filter cycles for offloaded DNSBL checks ...
i'd STILL like to have the default behavior of my server be to run the check early in connect UNLESS i've a user-defined exception list. problem is, that the moment i add the per-user specs, i HAVE to wait for the ID of the user ... i.e., 'til the rcpt acl.
is there another approach that might give me BOTH the early default check, AND the later per-user checks?
cheers! richard
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
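An added illustration, not part of the original post and not Exim code: a small Python model of a key/value lookup with a "*" default entry, showing why a recipient-keyed lookup expanded at connect time always lands on the default, and how the same host can get a different verdict once the recipient is known. The recipient keys, the client addresses, the "listed" data and all function names are constructed for this example; no DNS queries are made.

```python
# Model of the lookup described in the post; constructed sample data throughout.
# The real keys in LISTS/domains.dnsbls are not visible on the page.
DNSBL_FILE = """\
alice@example.test   list.dsbl.org
bob@example.test     relays.ordb.org
*                    sbl-xbl.spamhaus.org : relays.ordb.org : relays.mail-abuse.org : list.dsbl.org
"""

# Constructed stand-in for DNS answers: which lists "contain" which client IP.
LISTED = {"192.0.2.10": {"relays.ordb.org"}, "192.0.2.20": {"list.dsbl.org"}}


def parse_lsearch(text):
    """Parse 'key <whitespace> value' lines into {key: [rbl, ...]}."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1] if len(parts) > 1 else ""
        table[parts[0].lower()] = [v.strip() for v in value.split(":") if v.strip()]
    return table


def rbls_for(table, local_part, domain):
    """Per-recipient list, falling back to the '*' entry when the key is absent."""
    key = f"{local_part}@{domain}".lower()
    return table.get(key, table.get("*", []))


def check(table, host, local_part="", domain=""):
    """Return the first list in the recipient's set that lists host, else None."""
    for rbl in rbls_for(table, local_part, domain):
        if rbl in LISTED.get(host, set()):
            return rbl
    return None


TABLE = parse_lsearch(DNSBL_FILE)
# Connect stage: no recipient yet, both variables are empty, so the key is "@".
CONNECT_RBLS = rbls_for(TABLE, "", "")
# RCPT stage: the same expansion now resolves to the recipient's own entry.
RCPT_RBLS = rbls_for(TABLE, "Bob", "Example.Test")

if __name__ == "__main__":
    print("connect:", CONNECT_RBLS)
    print("rcpt   :", RCPT_RBLS)
    print("192.0.2.20 at connect:", check(TABLE, "192.0.2.20"))
    print("192.0.2.20 for bob   :", check(TABLE, "192.0.2.20", "bob", "example.test"))
```

In this model 192.0.2.20 is rejected by the default list at connect time but passes bob's own list at RCPT time, which is the conflict behind question (3).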
