Robert... Funny, when I first inquired about this sometime back, nobody seem to know or give a hoot.. Anyway, I did the PHP script due to not wanting to mess up the exim config. Is it possible for me to setup the config elsewhere (like a Exim filter .forward?) coz I really don't want to mess up the main config file. Please advise.
Additionally, I didn't want to send back a reply to the non-valid users, for the fear of spam mails... Best regards, Au Yong -----Original Message----- From: Robert Kehl [mailto:[EMAIL PROTECTED] Sent: Thursday, November 06, 2003 7:53 PM To: User questions and discussions about OTRS. Subject: [otrs] [Contrib] ACL mail filter script for Exim MTA On Wednesday, November 05, 2003 11:07 AM Au Yong Tien Chee <[EMAIL PROTECTED]> wrote: >> Finally, I've managed to make a filter to do what I really wanted. >> I'm on a Linux platform using CPanel server, that uses Exim MTA. >> Procmail and all won't work, so my best bet was to make an Exim >> filter, but I was too lazy to learn that, and mess up the Exim >> config... As you seem to use a quite simple form of parsing for the sender's address in your php script, you'd better depend on exim's capabilities here. For sure exim has to be compiled with MySQL support (./configure --with-mysql) for this. In other words: Use exim, if you can. Here it goes: Add this line somewhere in the beginning of your exim's config file, before any 'begin': hide mysql_servers = hostname/otrs/username/password Or, if you'd like to use un*x sockets on the local machine, this would be enough instead: hide mysql_servers = /otrs/username/password We protect the sensitive username/password data by using 'hide' when non-admins issue a 'exim -bP' on the command line for increased security. Do not omit it. Create an acl statement in the acl_check_rcpt section: accept recipients = [EMAIL PROTECTED] endpass senders = : mysql;\ select email from customer_user where \ email='${quote_mysql:$sender_address}' message = Sorry, you are not authorized \ to use our OTRS support system. The statement is best copy'n'pasted due to its simplicity ;) and should be placed after the line that says require verify = sender and therefore before the one that checks for a valid local recipient, which would accept the mails before we could get a chance check the sender. So, the order of ACL statements matters! What does it do? It first checks if the recipient's address of the message exim is looking at matches the email address your OTRS system uses. If it doesn't, the message is not designated for OTRS and control is passed onto the next acl statement and processing of the email takes place as regular. In a mail sent to [EMAIL PROTECTED], the sender (if not empty, to catch bounce messages) is checked against the OTRS datababe. If this check fails, we write an explanatory SMTP message to the sender's log file and exim denies the mail, closing the connection automagically. Else it accepts the message and delivers it to the OTRS mailbox from which you can pull it with PostMasterPOP3.pl. Beware, I didn't test the above thoroughly, but derived it from my config, which uses LDAP for a similar purpose, so it should work. Feel free to post any erratic output of exim, see main_log and panic_log for these. hth, Robert Kehl PS: Contact the OTRS GmbH (see below) if you need help with configuring your exim more deeply. We love exim. -- ((otrs.de)) :: OTRS GmbH :: Norsk-Data-Str. 1 :: 61352 Bad Homburg http://www.otrs.de/ :: Tel. +49 (0)6172 4832388 _______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support oder Consulting f�r Ihr OTRS System? => http://www.otrs.de/ _______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support oder Consulting f�r Ihr OTRS System? => http://www.otrs.de/
