Re: Howto not reject mail to Postmaster etc. in Exim4

To: debian-user@lists.debian.org
Subject: Re: Howto not reject mail to Postmaster etc. in Exim4
From: Kjetil Kjernsmo <kjetil@kjernsmo.net>
Date: Wed, 8 Oct 2003 23:09:54 +0200
Message-id: <[🔎] 200310082309.54101.kjetil@kjernsmo.net>
In-reply-to: <[🔎] 20031008192302.GA17698@zaphod.pweis.com>
References: <[🔎] 200310081735.53565.kjetil@kjernsmo.net> <[🔎] 20031008192302.GA17698@zaphod.pweis.com>

Thanks for the response!

On Wednesday 08 October 2003 21:23, Philipp Weis wrote:
> This is certainly true for postmaster, but I think it would be
> RFC-compliant to reject viruses and spam on abuse or security.

Yeah, I think so too. However, rejecting legitimate mail could be scary 
in either case, for example rejecting a spam complaint to abuse because 
it looks like spam (I imagine spam complaints are rarely 
distinguishable from spam...) is a Bad Idea[tm], though spam could 
never be sent from here. 

> > I'm wondering, how do I set up Exim 4 to let through mail to
> > postmaster, etc., uninspected?
> >
> > I thought these lines from
> >   accept local_parts = postmaster:abuse:security
> >          domains = +local_domains
> > from the standard Debian RCTP ACL config was supposed to do that,
> > but it doesn't...
>
> Well, it does. The recipients are accepted here, but the mail is
> rejected in the DATA ACL later on. 

OK.

>To accept all mail to postmaster
> regardless of their content, you have to set a variable in the RCPT
> ACL, because local_part is not available in the DATA ACL.

OK. 

> RCPT:
> accept local_parts = postmaster
>        domains = +local_domains
>        set acl_m0 = postmaster
>
> DATA:
> accept condition = ${if eq{$acl_m0}{postmaster} {1}{0}}

Aha, great, thanks!

> Now all mail to postmaster passes your filters. Messages with
> multiple recipients and postmaster among them pass as well, but that
> should not be a problem. 

Indeed, I've so far not seen spam sent to both postmaster and my user, 
so that it passes is quite OK. 

To make it pass if security or abuse is in, I could only extend accept 
local_parts = postmaster to accept local_parts = 
postmaster:abuse:security, right?

>See exiscan-acl-examples.txt.gz section 6
> for further details on multiple recipients.

It wouldn't be a problem in my other case either, with the spamtraps: If 
one of the spamtraps are among the local_parts, I'll reject it anyway, 
as none of the spamtraps will ever get legitimate mail. I would not 
need to differentiate between users in either case.

However, this seems harder now, since, as you said, local_parts is not 
available in DATA ACL... Would I need to set it up in the RCPT ACL 
section to set a variable, and then test on that in the DATA ACL 
section?

Thanks again for the help you provide!

Best,

Kjetil
-- 
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
kjetil@kjernsmo.net  webmaster@skepsis.no  editor@learn-orienteering.org
Homepage: http://www.kjetil.kjernsmo.net/        OpenPGP KeyID: 6A6A0BBC

Reply to:

Follow-Ups:
- Re: Howto not reject mail to Postmaster etc. in Exim4
  - From: Philipp Weis <pweis@pweis.com>

References:
- Howto not reject mail to Postmaster etc. in Exim4
  - From: Kjetil Kjernsmo <kjetil@kjernsmo.net>
- Re: Howto not reject mail to Postmaster etc. in Exim4
  - From: Philipp Weis <pweis@pweis.com>

Prev by Date: Re: Rootstrap Failing - is it the debbootstrap problem? or a comms problem
Next by Date: Re: Exim4, Clamav, SA-Exim,
Previous by thread: Re: Howto not reject mail to Postmaster etc. in Exim4
Next by thread: Re: Howto not reject mail to Postmaster etc. in Exim4
Index(es):
- Date
- Thread