On Sun, 07 Sep 2003 23:25:26 GMT, [EMAIL PROTECTED] wrote:
Hi David
> 1) In order to filter mail before tmda gets it, I found it useful to
> add an extra router like
>
> eximfilter:
> driver=redirect
> check_local_user
> file=$home/.eximfilter
> no_verify
> no_expn
> check_ancestor
> allow_filter
> file_transport = address_file
> pipe_transport = address_pipe
> reply_transport = address_reply
> condition = ${if exists{$home/.eximfilter} {yes} {no} }
>
> before the tmdaprocess router for incoming mail.
> Then mailing lists, etc, can be sorted out by putting the appropriate
> lines in a file ".eximfilter"
This is one way to achieve this; you can also do special handling via
tmda's good management features such as black/white lists as well as
incoming and outgoing control files. For example, a fragment of my
incoming file...
=============================
# Accept all messages from approved domains including mail lists
from [EMAIL PROTECTED] accept
from [EMAIL PROTECTED] accept
from [EMAIL PROTECTED] accept
from [EMAIL PROTECTED] accept
.....
=============================
tmda has a good level of control in this area. I took the rationale that,
as tmda was acting as the 'gatekeeper' on the addressee level for email, I
centralise all that sort of thing in tmda and leave Exim to keep out the
nasties on the mail system level. The new 'DOMAIN' directive in 0.84 also
looks good for managing mail by domain; I haven't tried it yet, though.
> 2) I'm not sure I completely understand the security implications of
> your setup, especially in conjunction with untrusted_set_sender=true.
> Doesn't this let anyone (who can connect to the server) run my TMDA
> filters? Is there an implicit assumption of authentication, even for
> users on the local machine?
Firstly, I need to note that the "untrusted_set_sender" option type changed
from Exim 3 to 4. In 3 it was boolean; in 4 it is of type address list,
which gives you finer control. It is not a security risk as it allows
non-admin users to only change envelope sender addresses - and only on their
own outgoing emails. The authentication is by virtue of them being a user
with a valid logon. If you have a look at untrusted_set_sender in section 13
of the Exim spec doc you can find more detail.
Re: my setup you mention, have you taken it from a previous posting or from
the FAQs I wrote? Just curious, because I have changed it a bit since I
started using tmda.
Patrick
_____________________________________________
tmda-users mailing list ([EMAIL PROTECTED])
http://tmda.net/lists/listinfo/tmda-users
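
An added example (not part of the original post, and not Exim or TMDA code): a small Python check that reads the main section of an Exim configuration and reports how `untrusted_set_sender` is set, separating the Exim 3 boolean form from the Exim 4 address list discussed above. The sample configurations, the function names and the `^$sender_ident@` pattern are constructed for illustration; `^$sender_ident-` follows the form shown in the Exim specification.

```python
import re

# Constructed sample configurations (not taken from the thread).
EXIM3_STYLE = """\
# main section
untrusted_set_sender = true
"""
EXIM4_OPEN = """\
primary_hostname = mail.example.test
untrusted_set_sender = *
begin routers
"""
EXIM4_TMDA = """\
untrusted_set_sender = ^$sender_ident- : \\
                       ^$sender_ident@
begin acl
"""

def main_options(config_text):
    """Yield (name, value) for main-section options, joining '\\' continuations."""
    logical, pending = [], ""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank lines and comments
        if line.endswith("\\"):
            pending += line[:-1].rstrip() + " "
            continue
        logical.append(pending + line)
        pending = ""
    for line in logical:
        if re.match(r"begin\s", line):    # main section ends at the first "begin"
            break
        name, sep, value = line.partition("=")
        yield name.strip(), (value.strip() if sep else None)

def classify_untrusted_set_sender(config_text):
    """Return 'unset', 'exim3-boolean', 'wildcard' or 'restricted'."""
    for name, value in main_options(config_text):
        if name in ("no_untrusted_set_sender", "not_untrusted_set_sender"):
            return "exim3-boolean"
        if name != "untrusted_set_sender":
            continue
        if value is None or value.lower() in ("true", "false", "yes", "no"):
            return "exim3-boolean"        # boolean syntax, not an address list
        items = [i.strip() for i in value.split(":")]
        # "*" lets any local user pick any envelope sender with -f
        return "wildcard" if "*" in items or "*@*" in items else "restricted"
    return "unset"
```

A "wildcard" result is the setting to review on a shared host; "restricted" means local users can only set envelope senders that match the listed patterns.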