[SA-exim] PermReject

Marc MERLIN marc at merlins.org
Thu, 30 May 2002 09:17:45 -0700


---------------------- multipart/signed attachment
On Wed, May 29, 2002 at 05:14:33PM -0700, Marc MERLIN wrote:
> > SAEximRunCond: ${lookup {$local_part} lsearch {/etc/exim/sa_skip} {0}{1=
}}
> =20
> Yep, although you'll probably want this:
> SAEximRunCond: ${if and {{def:sender_host_address} {!eq {$sender_host_add=
ress}{127.0.0.1}} {! def:h_X-Spam-Flag:} } {1}{0} {${lookup {$local_part} l=
search {/etc/exim/sa_skip} {0}{1}}}}

Sorry, I was busy working while I answered that and didn't think about what
I was saying.
Yes, $local_part will not work in that case, you do need to add a headers
in an RCPT warn ACL, and act on that header here
This also means that you have to decide what to do for all the receipients.
In my case, if one is whitelisted, I accept for all

This however shows that I need another condition:
SAEximRunCond and SAEximRejCond
One to run SA, and one to actually apply the reject rules if we get the
appropriate score.

Note however that SAEximRejCond will only run if SAEximRunCond did run

On Wed, May 29, 2002 at 10:35:52PM -0400, Patrice Fournier wrote:
> Quoting Marc MERLIN <marc@merlins.org>:
>=20
> > > hmmm.. is $local_part really available there? What's in there when
> > No.
>=20
> Ok, so the suggestion to Craig was wrong then..
>=20
> He would need the current SAEximRunCmd and this as ACL:
>   warn     message       =3D X-SA-Disable: yes
>            local_parts   =3D /etc/exim/sa_skip
=20
Yep.
=20
> > > While were at it, as anyone configured sa-exim to scan/reject messages
> > > to some users while accepting it to others?
> >=20
> > I remember having done so

but by using the  above method: you can't do half accept  half reject on one
message, at least  not in any way  that I feel confortable with  and want to
support.

> check that will always defer (or fix the code). You should still see what=
 I
> have in mind. Now, a message which reaches local_scan always have it's
> recipients all wanting the same of running SA or not. If the first
> recipient in the list wants SA to run, every recipients who doesn't will =
be
> temporarily rejected, than all those who wants it will have their message
> passed through SA. After a couple of minutes, the remote server should try
> to send the defered recipients again and this time the recipient list will
> contain only users who doesn't want SA to run and vice-versa.
=20
I don't think that will work in practice, but feel free to try.

Marc
--=20
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet coo=
king
 =20
Home page: http://marc.merlins.org/   |   Finger marc_f@merlins.org for PGP=
 key

---------------------- multipart/signed attachment
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 350 bytes
Desc: not available
Url : http://lists.merlins.org/archives/sa-exim/attachments/4ffcb87b/attachment.bin

---------------------- multipart/signed attachment--