The correct way to add a custom ACL for Exim

uHost

I want to add a custom ACL. What is the correct way to customise exim.conf with future updates in mind?

For my particular issue it would help to have a line below the following:
.include_if_exists /etc/exim.blockcracking/auth.conf

If only there was a:
.include_if_exists /etc/exim.acl_smtp_rcpt.conf.custom
 
Just to complete the information and maybe to help others and for future reference:

My need for this is for SpamExperts. What I want is to block direct mail if the domain is set up for SpamExperts. Information taken from:
https://my.spamexperts.com/kb/31/Accept-email-only-from-the-Hosted-Cloud-filter-nodes.html

I created /usr/local/bin/setest:
Code:
#!/bin/bash
# Print the MX hosts of the domain in $1 as one colon-separated list, trailing dots removed.
host -t MX "$1" | sort -n -k1 | cut -d ' ' -f 7 | sed -e 's/\.$//' | xargs | sed -e 's/ /:/g' | tr -d '\n'

And /usr/local/bin/setestptr:
Code:
#!/bin/bash
# Print the PTR name of the IP address in $1, trailing dot removed.
host -t PTR "$1" | cut -d ' ' -f5 | sed 's/\.$//g' | tr -d '\n'

Made them executable:
Code:
chmod 755 /usr/local/bin/setest /usr/local/bin/setestptr

Created /etc/exim.acl_smtp_rcpt.conf.custom:
Code:
#########################################################################################################################
## Start SpamExperts verification
defer
	!condition = ${if match_domain{${run {/usr/local/bin/setestptr $sender_host_address}}}{*.antispamcloud.com}}
	set acl_m_mx_records = ${run {/usr/local/bin/setest $domain}}
	condition   = ${if eq{$acl_m_mx_records}{mx.spamexperts.com:fallbackmx.spamexperts.eu:lastmx.spamexperts.net}}
	message = Please deliver mail to the address specified in the MX records for this domain.
## End SpamExperts verification
#########################################################################################################################

And finally added a line to exim.conf (below the line .include_if_exists /etc/exim.blockcracking/auth.conf):
Code:
.include_if_exists /etc/exim.acl_smtp_rcpt.conf.custom

Hope this helps. Having the line with the custom rcpt check added to exim.conf would not break anything so it would be nice if this could be added to CustomBuild.
 
If you want to allow local delivery if a user is authenticated (i.e. you don't want to enforce outgoing through SpamExperts) you can change the ACL to:
Code:
#########################################################################################################################
## Start SpamExperts verification
defer
	!condition = ${if match_domain{${run {/usr/local/bin/setestptr $sender_host_address}}}{*.antispamcloud.com}}
	set acl_m_mx_records = ${run {/usr/local/bin/setest $domain}}
	condition   = ${if eq{$acl_m_mx_records}{mx.spamexperts.com:fallbackmx.spamexperts.eu:lastmx.spamexperts.net}}
	!authenticated = *
	message = Please deliver mail to the address specified in the MX records for this domain.
## End SpamExperts verification
#########################################################################################################################
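
An offline check of the two helper pipelines and the ACL decision from the posts above, added here as an example and not part of the original thread. The `host` output, the `example.test` and `sender.test` names, and the `acl_decision` function (which models the second ACL variant, with `!authenticated`) are constructed for illustration.

```shell
#!/bin/bash
# Added example: runs the two helper pipelines and the ACL decision offline.
# All `host` output below is constructed sample text, not a real lookup.

SE_MX='mx.spamexperts.com:fallbackmx.spamexperts.eu:lastmx.spamexperts.net'

# setest pipeline, reading `host -t MX` output from stdin instead of DNS.
mx_list() {
    sort -n -k1 | cut -d ' ' -f 7 | sed -e 's/\.$//' | xargs | sed -e 's/ /:/g' | tr -d '\n'
}

# setestptr pipeline, reading `host -t PTR` output from stdin.
ptr_name() {
    cut -d ' ' -f5 | sed 's/\.$//g' | tr -d '\n'
}

# Mirrors the conditions of the second ACL variant. Prints "defer" or "pass".
# $1 = PTR name of the sender, $2 = MX list, $3 = "auth" or "noauth"
acl_decision() {
    case "$1" in *.antispamcloud.com) echo pass; return ;; esac
    [ "$2" = "$SE_MX" ] || { echo pass; return; }
    [ "$3" = "auth" ] && { echo pass; return; }
    echo defer
}

# Constructed: records returned in arbitrary order, priorities 10/20/30.
MX_SAMPLE='example.test mail is handled by 30 lastmx.spamexperts.net.
example.test mail is handled by 10 mx.spamexperts.com.
example.test mail is handled by 20 fallbackmx.spamexperts.eu.'

# Constructed: same hosts with priorities 5/10/20. `sort -n -k1` finds no number
# at the start of the line, so lines end up in text order and "5" sorts last.
MX_SAMPLE_ALT='example.test mail is handled by 5 mx.spamexperts.com.
example.test mail is handled by 10 fallbackmx.spamexperts.eu.
example.test mail is handled by 20 lastmx.spamexperts.net.'

PTR_FILTER='4.3.2.1.in-addr.arpa domain name pointer delivery.antispamcloud.com.'
PTR_DIRECT='9.8.7.6.in-addr.arpa domain name pointer mail.sender.test.'

run_demo() {
    mx=$(printf '%s\n' "$MX_SAMPLE" | mx_list)
    for ptr in "$PTR_FILTER" "$PTR_DIRECT"; do
        name=$(printf '%s\n' "$ptr" | ptr_name)
        printf '%s noauth -> %s\n' "$name" "$(acl_decision "$name" "$mx" noauth)"
    done
    printf 'alt MX list: %s\n' "$(printf '%s\n' "$MX_SAMPLE_ALT" | mx_list)"
}
run_demo
```

The second sample shows that the `eq` comparison only matches when the helper emits the three hosts in exactly that order; a different order or record set produces a different string, and the ACL then does not defer.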
 