Hi,

First of all, thank you for reading this message.

Some time ago, I had a lot of problems with bounces being received, because the From field was forged by spammers. I did this by following http://psg.com/%7Ebrian/software/authbounce/configure-authbounce.txt. However, as this message states, it's not a very good solution; some problems are being caused by it.

I was wondering, I now have this:

    <do some RBL stuff>

      # default at end of acl causes a "deny", but line below will give
      # an explicit error message:
      deny    message = relay not permitted

    # ACL that is used after the DATA command
    check_message:
      deny    senders = :
              condition = ${if ! eq{$recipients_count}{1}{1}}
              message = Bounces must have only a single recipient

      deny    senders = :
              ! condition = ${if match \
                  {$message_body $message_body_end} \
                  {[xX]-bounce-key:\\s*BOUNCE_ID;${rxquote:${lc:$recipients}};(\\d+);(\\w+)} \
                  {${if eq {$2} \
                  {${length_8:${md5:BOUNCE_ID;${lc:$recipients};$1;BOUNCE_SECRET}}} \
                  {${if <{${sg{${eval:$tod_epoch-$1}}{-}{}}}{864000}{1}}}}}}
              message = Bounce does not contain a valid X-bounce-key signature so not accepting message

      accept

But what I want to try now is creating compatibility for the widely used 'Disposition' header, so all messages with this tag (or 'Disposition-Notification-To' tag) should be accepted before the bounce-key is checked (which is created by using the headers_add on remote_smtp time). But my knowledge of the ACL system isn't much more than just being able to read most of it.

Could something like this work?

    # ACL that is used after the DATA command
    check_message:
      deny    senders = :
              condition = ${if ! eq{$recipients_count}{1}{1}}
              message = Bounces must have only a single recipient

      accept  senders = :
              regex = [dD]isposition.*:

      deny    senders = :
              ! condition = ${if match \
                  {$message_body $message_body_end} \
                  {[xX]-bounce-key:\\s*BOUNCE_ID;${rxquote:${lc:$recipients}};(\\d+);(\\w+)} \
                  {${if eq {$2} \
                  {${length_8:${md5:BOUNCE_ID;${lc:$recipients};$1;BOUNCE_SECRET}}} \
                  {${if <{${sg{${eval:$tod_epoch-$1}}{-}{}}}{864000}{1}}}}}}
              message = Bounce does not contain a valid X-bounce-key signature so not accepting message

      accept

That way I accept messages which aren't yet processed by the bounce-key check, which sometimes won't contain the bounce key, but will most likely have Disposition somewhere in the message (header or body).

But if this would work, all messages with the word disposition with a ':' after it will just be accepted, so I also want to add a condition: the bounce-key should *not* exist. That way messages without a bounce key, but with disposition, will be accepted, and other messages will just be checked by the standard bounce-key checker.

Am I on the right track here? If not, could anyone perhaps kick me onto the right track?

-- 
Regards,
Sebastian Berm
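Added example, not part of the original post and not Exim configuration: a Python model of the decision order the post asks about, where the Disposition match may only accept a null-sender message when no X-bounce-key is present at all. The names make_key and check_bounce are hypothetical, BOUNCE_ID and BOUNCE_SECRET are the placeholders from the ACL, and treating a key written for a different recipient as a failed key is an assumption.

```python
import hashlib
import hmac
import re

# Placeholders copied from the ACL in the post; a real setup substitutes its own values.
BOUNCE_ID = "BOUNCE_ID"
BOUNCE_SECRET = "BOUNCE_SECRET"
MAX_AGE = 864000  # seconds, the limit used in the ACL (10 days)

KEY_RE = re.compile(
    r"[xX]-bounce-key:\s*" + re.escape(BOUNCE_ID) + r";([^;\s]+);(\d+);(\w+)", re.ASCII)
DISPOSITION_RE = re.compile(r"[dD]isposition.*:")


def _sig(rcpt, ts):
    """First 8 hex digits of the MD5, like ${length_8:${md5:...}} in the ACL."""
    data = f"{BOUNCE_ID};{rcpt};{ts};{BOUNCE_SECRET}"
    return hashlib.md5(data.encode()).hexdigest()[:8]


def make_key(recipient, ts):
    """Build the header that would be added to outgoing mail for this address."""
    return f"X-bounce-key: {BOUNCE_ID};{recipient.lower()};{ts};{_sig(recipient.lower(), ts)}"


def check_bounce(recipients, message, now):
    """Return (verdict, reason) for a message with an empty envelope sender.
    'message' is headers plus body as one string; 'now' is the current epoch time."""
    if len(recipients) != 1:
        return "deny", "Bounces must have only a single recipient"
    rcpt = recipients[0].lower()
    m = KEY_RE.search(message)
    if m is None:
        # No key anywhere: only in this case does the Disposition match decide.
        if DISPOSITION_RE.search(message):
            return "accept", "disposition notification without bounce key"
        return "deny", "no X-bounce-key signature"
    key_rcpt, ts, sig = m.groups()
    fresh = abs(now - int(ts)) < MAX_AGE  # the ACL strips the sign before comparing
    if key_rcpt == rcpt and fresh and hmac.compare_digest(sig, _sig(rcpt, ts)):
        return "accept", "valid X-bounce-key"
    return "deny", "invalid or expired X-bounce-key"


if __name__ == "__main__":
    now = 1700000000  # constructed sample time and message
    print(check_bounce(["user@example.org"], "Disposition: x\n" + make_key("user@example.org", now), now))
```

With this ordering, a message that carries both a Disposition line and a bad or expired key is still rejected, which is the behaviour the extra "key must not exist" condition is meant to give.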
