[exim] Blowfish auth

2024-05-16 Thread Gandalf Corvotempesta via Exim-users
Hi guys
Is it possible to use the blowfish password scheme in exim?
I have some users stored on a DB with a blowfish crypted password,
used by Dovecot.
The dovecot server is on a different server than the exim one so I
can't use sockets and native dovecot auth in exim (AFAIK, it is not
possible to use a remote dovecot auth as auth server in exim)

Best way would be to login natively in exim by using a blowfish
crypted password.
Is this possible ?

-- 
## subscription configuration (requires account):
##   https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
##   exim-users-unsubscr...@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


[exim] MySQL connection with SSL

2024-05-16 Thread Gandalf Corvotempesta via Exim-users
Hi all
another question: a new mysql server I've created has SSL required for
all connections.
How can I set up exim to use an SSL connection to the mysql server?

(no, using external tunnels is not a solution, it would add a SPOF and
an additional layer to maintain).

Is SSL supported by exim ?



[exim] Re: Blowfish auth

2024-05-16 Thread Andrew C Aitchison via Exim-users

On Thu, 16 May 2024, Gandalf Corvotempesta via Exim-users wrote:


> Hi guys
> is possible to use blowfish password scheme in exim?
> I have some users stored on a DB with a blowfish crypted password,
> used by Dovecot
> The dovecot server is on a different server than the exim one so I
> can't use sockets and native dovecot auth in exim (AFAIK, is not
> possible to use a remote dovecot auth as auth server in exim)
>
> Best way would be to login natively in exim by using a blowfish
> crypted password.
> Is this possible ?


Is PAM authentication a sensible option in your case ?

--
Andrew C. Aitchison  Kendal, UK
   and...@aitchison.me.uk



[exim] Re: Blowfish auth

2024-05-16 Thread Gandalf Corvotempesta via Exim-users
On Thu 16 May 2024 at 12:36, Andrew C Aitchison wrote:
> Is PAM authentication a sensible option in your case ?

It could be... as long as I'm able to authenticate users stored on mysql



[exim] Re: Blowfish auth

2024-05-16 Thread Kai Bojens via Exim-users

On 16.05.24 at 11:30, Gandalf Corvotempesta via Exim-users wrote:

> is possible to use blowfish password scheme in exim?


Everything is possible with Exim+Perl:

https://www.exim.org/exim-html-current/doc/html/spec_html/ch-embedded_perl.html



[exim] Re: MySQL connection with SSL

2024-05-16 Thread Jeremy Harris via Exim-users

On 16/05/2024 11:11, Gandalf Corvotempesta via Exim-users wrote:

> another question: a new mysql server i've created has SSL required for
> all connections.
> How can I setup exim to use an SSL connection to mysql server ?

Use a Mysql option file giving the required connection specifications.

See
https://exim.org/exim-html-current/doc/html/spec_html/ch-file_and_database_lookups.html#SECTsql
on "option group name".

--
Cheers,
  Jeremy




[exim] Re: Blowfish auth

2024-05-16 Thread Mike Tubby G8TIC via Exim-users

As Kai says... everything is possible with Exim+PERL.

I store user authentication details in salted SHA256 in a MySQL backend 
and have Exim call a PERL shim that performs a web-services call to 
localhost:8080 where Nginx runs my authenticator (written in PHP).  The 
authenticator receives a POST with IP address/username/password in JSON 
and returns a HTTP 204 (Success, No Data) or HTTP 403 (Forbidden).  The 
PERL running in Exim then translates this to accept/reject based on the 
204 or 403.


Mike

On 16/05/2024 11:58, Kai Bojens via Exim-users wrote:

> On 16.05.24 at 11:30, Gandalf Corvotempesta via Exim-users wrote:
>
>> is possible to use blowfish password scheme in exim?
>
> Everything is possible with Exim+Perl:
>
> https://www.exim.org/exim-html-current/doc/html/spec_html/ch-embedded_perl.html



[exim] Re: Blowfish auth

2024-05-16 Thread Odhiambo Washington via Exim-users
On Thu, May 16, 2024 at 12:33 PM Gandalf Corvotempesta via Exim-users <
exim-users@lists.exim.org> wrote:

> Hi guys
> is possible to use blowfish password scheme in exim?
> I have some users stored on a DB with a blowfish crypted password,
> used by Dovecot
> The dovecot server is on a different server than the exim one so i
> can't use sockets and native dovecot auth in exim (AFAIK, is not
> possible to use a remote dovecot auth as auth server in exim)
>
> Best way would be to login natively in exim by using a blowfish
> crypted password.
> Is this possible ?
>

 I think you could do proxy authentication with a local instance of Dovecot
running on your Exim server.
https://fuerstnet.de/post/2021-07-30-proxy-imap-pop-smtp-using-dovecot-and-postfix/


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]



[exim] Re: Blowfish auth

2024-05-16 Thread Jan Ingvoldstad via Exim-users
On Thu, May 16, 2024 at 2:40 PM Odhiambo Washington via Exim-users <
exim-users@lists.exim.org> wrote:

>
>
>  I think you could do proxy authentication with a local instance of Dovecot
> running on your Exim server.
>
> https://fuerstnet.de/post/2021-07-30-proxy-imap-pop-smtp-using-dovecot-and-postfix/
>
>
Yes, and this lets you use a persistent key-value store like Valkey or
Redis instead of passwd file if you wish.

In the paragraph starting with "Last todo is switching Postfix to
authenticate using Dovecot", there is an example for how to ensure that
authentication is available for the Postfix user. This can likely be
simplified a bit if the system has no other uses than being an SMTP server,
and only the system administrator has access. Example from dovecot.conf in
a Debuntu install:

service auth {
  unix_listener auth-client {
    user = Debian-exim
  }
}

-- 
Jan



[exim] Re: Blowfish auth

2024-05-16 Thread Slavko via Exim-users
On 16 May 2024 12:39:02 UTC, Odhiambo Washington via Exim-users wrote:

> I think you could do proxy authentication with a local instance of Dovecot
>running on your Exim server.
>https://fuerstnet.de/post/2021-07-30-proxy-imap-pop-smtp-using-dovecot-and-postfix/

Or do UDS -> socat -> TCP -> socat -> UDS bridge...

Anyway, it would be great if exim could use the system's crypto library,
to support all of the system's password hash formats.

regards


-- 
Slavko
https://www.slavino.sk/



[exim] Re: Blowfish auth

2024-05-16 Thread Gandalf Corvotempesta via Exim-users
On Thu 16 May 2024 at 14:39, Odhiambo Washington wrote:
>  I think you could do proxy authentication with a local instance of Dovecot 
> running on your Exim server.
> https://fuerstnet.de/post/2021-07-30-proxy-imap-pop-smtp-using-dovecot-and-postfix/

I prefer not to add additional software. Additional SPOF, additional
maintenance



[exim] Re: Blowfish auth

2024-05-16 Thread Gandalf Corvotempesta via Exim-users
On Thu 16 May 2024 at 14:32, Mike Tubby G8TIC via Exim-users wrote:
>
> As Kai says... everything is possible with Exim+PERL.
>
> I store user authentication details in salted SHA256 in a MySQL backend
> and have Exim call a PERL shim that performs a web-services call to
> localhost:8080 where Nginx runs my authenticator (written in PHP).  The
> authenticator receives a POST with IP address/username/password in JSON
> and returns a HTTP 204 (Success, No Data) or HTTP 403 (Forbidden).  The
> PERL running in Exim then translates this to accept/reject based on the
> 204 or 403.

Wow that's absolutely overkill :-)
I think it would be easier to directly use perl to check the hash against
the mysql db



[exim] Re: Blowfish auth

2024-05-16 Thread Gandalf Corvotempesta via Exim-users
On Thu 16 May 2024 at 12:59, Kai Bojens via Exim-users wrote:
> Everything is possible with Exim+Perl:
>
> https://www.exim.org/exim-html-current/doc/html/spec_html/ch-embedded_perl.html

Do you have an example of how to use perl for smtp auth? I've never used
perl in my Exim configurations.

(anyway: only salted md5 passwords are supported natively or anything better?)



[exim] Re: MySQL connection with SSL

2024-05-16 Thread Gandalf Corvotempesta via Exim-users
On Thu 16 May 2024 at 13:01, Jeremy Harris via Exim-users wrote:
> Use a Mysql option file giving the required connection specifications.
>
> See 
> https://exim.org/exim-html-current/doc/html/spec_html/ch-file_and_database_lookups.html#SECTsql
>  on "option group name".

EXACTLY THAT !
thank you



[exim] Re: MySQL connection with SSL

2024-05-16 Thread Gandalf Corvotempesta via Exim-users
On Thu 16 May 2024 at 15:39, Gandalf Corvotempesta wrote:
> EXACTLY THAT !
> thank you

... but it doesn't work

hide mysql_servers = 10.23.105.2[exim]/mail/username/dsHg*Qw!eNt6n%nH

# cat /etc/mysql/mariadb.conf.d/99-exim.cnf
[exim]
   ssl-mode=REQUIRED



(ssl-mode's default is PREFERRED, so it should automatically try to
use SSL when possible, but it doesn't work even when forcing)



[exim] Re: MySQL connection with SSL

2024-05-16 Thread Jeremy Harris via Exim-users

On 16/05/2024 15:41, Gandalf Corvotempesta via Exim-users wrote:

> hide mysql_servers = 10.23.105.2[exim]/mail/username/dsHg*Qw!eNt6n%nH
>
> # cat /etc/mysql/mariadb.conf.d/99-exim.cnf
> [exim]
> ssl-mode=REQUIRED


Run a test using "exim -be" of a mysql expansion, under strace.
Is that file accessed?

--
Cheers,
  Jeremy




[exim] Re: Blowfish auth

2024-05-16 Thread Andreas Metzler via Exim-users
On 2024-05-16 Slavko via Exim-users  wrote:
[...]
> Anyway, would be great, if exim can use system's crypto library,
> to support all system's password hash formats.

crypteq should already do that.

cu Andreas



[exim] Re: Blowfish auth

2024-05-16 Thread Jeremy Harris via Exim-users

On 16/05/2024 18:03, Andreas Metzler via Exim-users wrote:

> On 2024-05-16 Slavko via Exim-users  wrote:
> [...]
>> Anyway, would be great, if exim can use system's crypto library,
>> to support all system's password hash formats.
>
> crypteq should already do that.


Unfortunately it does not.  There is specific code handling
{md5} / {sha1} / {crypt} / {crypt16} spotted in the already-crypted
(second) argument, deciding what sort of encryption to apply to
the cleartext (first) argument before comparison.

Calling a ${perl } expansion in an authenticator's server_condition option
(thanks, Kai!) sounds like the best bet.  Looks like you need
both Crypt::Blowfish and Crypt::CBC though.

--
Cheers,
  Jeremy
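
An added example (not code from this thread or from the Exim project) of the approach suggested above: a Perl subroutine that an authenticator's server_condition calls through ${perl}, checking the password against a bcrypt hash. It assumes the stored hashes are in Dovecot's BLF-CRYPT form (`$2y$...`, optionally prefixed with `{BLF-CRYPT}`) and that the system crypt(3) supports bcrypt, as libxcrypt does; the file path, authenticator name, table and column names are hypothetical.

```perl
#!/usr/bin/perl
# Hypothetical file /etc/exim4/bcrypt_auth.pl, loaded from the Exim main section:
#
#   perl_startup = do '/etc/exim4/bcrypt_auth.pl'
#
# and called by a PLAIN authenticator (table and column names are assumptions):
#
#   plain_bcrypt:
#     driver = plaintext
#     public_name = PLAIN
#     server_prompts = :
#     server_advertise_condition = ${if def:tls_in_cipher}
#     server_condition = ${perl{check_bcrypt}{$auth3}{${lookup mysql{\
#         SELECT password FROM users \
#         WHERE username='${quote_mysql:$auth2}'}}}}
#     server_set_id = $auth2
use strict;
use warnings;

# bcrypt string: $2a$/$2b$/$2y$, two-digit cost, 22-char salt + 31-char digest.
my $BCRYPT_RE = qr{\A\$2[aby]\$\d\d\$[./A-Za-z0-9]{53}\z};

# Compare two strings without stopping at the first differing byte.
sub _ct_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns '1' or '0' only: server_condition turns any other non-empty string
# into a temporary error, and undef would force the expansion to fail.
sub check_bcrypt {
    my ($password, $stored) = @_;
    return '0' unless defined $password && length $password;
    return '0' unless defined $stored;          # empty lookup result: no such user
    $stored =~ s/\A\{BLF-CRYPT\}//i;            # Dovecot's optional scheme prefix
    return '0' unless $stored =~ $BCRYPT_RE;    # unknown or malformed hash: reject
    # Assumption: the system crypt(3) implements bcrypt. Where it does not,
    # crypt() returns undef or a short marker string, which is rejected here.
    my $computed = eval { crypt($password, $stored) };
    return '0' unless defined $computed && $computed =~ $BCRYPT_RE;
    return _ct_eq($computed, $stored) ? '1' : '0';
}

# Self-check when run as "perl bcrypt_auth.pl"; skipped when Exim loads the file.
unless (caller) {
    # Constructed sample: the hash is generated here from a fixed, non-secret salt.
    my $hash = crypt('correct horse', '$2y$05$' . 'abcdefghijklmnopqrstuu');
    die "system crypt() has no bcrypt support\n"
        unless defined $hash && $hash =~ $BCRYPT_RE;
    print "right password: ", check_bcrypt('correct horse', "{BLF-CRYPT}$hash"), "\n";
    print "wrong password: ", check_bcrypt('wrong', $hash), "\n";
    print "not bcrypt:     ", check_bcrypt('x', '{MD5}abc'), "\n";
}

1;
```

Because the lookup runs inside Exim, the Perl side needs no database driver; every path that is not a verified match returns '0', so a missing user, a malformed hash or missing bcrypt support all reject the login.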




[exim] Re: Blowfish auth

2024-05-16 Thread Gandalf Corvotempesta via Exim-users
On Thu 16 May 2024 at 19:32, Jeremy Harris via Exim-users wrote:
> Calling a ${perl } expansion in an authenticator's server_condition option
> (thanks, Kai!) sounds like the best bet.  Looks like you need
> both Crypt::Blowfish and Crypt::CBC though.

That's what I'm trying, but it seems that DBI doesn't support mysql ssl connections



[exim] Re: MySQL connection with SSL

2024-05-16 Thread Gandalf Corvotempesta via Exim-users
On Thu 16 May 2024 at 16:52, Jeremy Harris via Exim-users wrote:
> Run a test using "exim -be" of a mysql expansion, under strace.
> Is that file accessed?

Not read because that file is included from my.cnf and my.cnf is read.

But it seems that the [exim] node is ignored (or the ssl-mode=REQUIRED is
not working as expected)



[exim] Re: MySQL connection with SSL

2024-05-16 Thread Jeremy Harris via Exim-users

On 16/05/2024 21:12, Gandalf Corvotempesta wrote:

> Not read because that file is included from my.cnf and my.cnf is read.

If my.cnf is being read, but does not contain the actual conn spec
you want used, then there's something wrong with your "include" setup.

That configuration can't get read by magic.
--
Cheers,
  Jeremy




[exim] Re: MySQL connection with SSL

2024-05-16 Thread Gandalf Corvotempesta via Exim-users
On Thu 16 May 2024 at 22:21, Jeremy Harris wrote:
> If my.cnf is being read, but does not contain the actual conn spec
> you want used, then there's something wrong with your "include" setup.
>
> That configuration can't get read by magic.

The config is read, and it's the standard Debian include system used by Mariadb:

# tail -n5 /etc/mysql/my.cnf
socket = /run/mysqld/mysqld.sock

# Import all .cnf files from configuration directory
!includedir /etc/mysql/conf.d/
!includedir /etc/mysql/mariadb.conf.d/

# l /etc/mysql/mariadb.conf.d/
total 52
drwxr-xr-x 2 root root 4096 May 16 22:23 .
drwxr-xr-x 4 root root 4096 May 16 22:10 ..
-rw-r--r-- 1 root root  575 Jul 23  2023 50-client.cnf
-rw-r--r-- 1 root root  231 Jul 28  2023 50-mysql-clients.cnf
-rw-r--r-- 1 root root  927 Jul 28  2023 50-mysqld_safe.cnf
-rw-r--r-- 1 root root 3769 Jul 28  2023 50-server.cnf
-rw-r--r-- 1 root root  570 Jul 28  2023 60-galera.cnf
-rw-r--r-- 1 root root   28 May 16 16:33 99-exim.cnf
-rw-r--r-- 1 root root   76 Jun  5  2023 provider_bzip2.cnf
-rw-r--r-- 1 root root   72 Jun  5  2023 provider_lz4.cnf
-rw-r--r-- 1 root root   74 Jun  5  2023 provider_lzma.cnf
-rw-r--r-- 1 root root   72 Jun  5  2023 provider_lzo.cnf
-rw-r--r-- 1 root root   78 Jun  5  2023 provider_snappy.cnf

# cat /etc/mysql/mariadb.conf.d/99-exim.cnf
[exim]
   ssl-mode=REQUIRED



[exim] Re: MySQL connection with SSL

2024-05-16 Thread Gandalf Corvotempesta via Exim-users
# strace exim -be  2>&1 | grep my.cnf
${lookup mysql{SELECT password AS password}}
access("/etc/my.cnf", R_OK) = -1 ENOENT (No such file or directory)
access("/etc/mysql/my.cnf", R_OK)   = 0
openat(AT_FDCWD, "/etc/mysql/my.cnf", O_RDONLY) = 3
access("/etc/mysql/conf.d//my.cnf", R_OK) = -1 ENOENT (No such file or directory)
access("/etc/mysql/mariadb.conf.d//my.cnf", R_OK) = -1 ENOENT (No such file or directory)

On Thu 16 May 2024 at 22:26, Gandalf Corvotempesta wrote:
>
> On Thu 16 May 2024 at 22:21, Jeremy Harris wrote:
> > If my.cnf is being read, but does not contain the actual conn spec
> > you want used, then there's something wrong with your "include" setup.
> >
> > That configuration can't get read by magic.
>
> The config is read, and it's the standard Debian include system used by 
> Mariadb:
>
> # tail -n5 /etc/mysql/my.cnf
> socket = /run/mysqld/mysqld.sock
>
> # Import all .cnf files from configuration directory
> !includedir /etc/mysql/conf.d/
> !includedir /etc/mysql/mariadb.conf.d/
>
> # l /etc/mysql/mariadb.conf.d/
> total 52
> drwxr-xr-x 2 root root 4096 May 16 22:23 .
> drwxr-xr-x 4 root root 4096 May 16 22:10 ..
> -rw-r--r-- 1 root root  575 Jul 23  2023 50-client.cnf
> -rw-r--r-- 1 root root  231 Jul 28  2023 50-mysql-clients.cnf
> -rw-r--r-- 1 root root  927 Jul 28  2023 50-mysqld_safe.cnf
> -rw-r--r-- 1 root root 3769 Jul 28  2023 50-server.cnf
> -rw-r--r-- 1 root root  570 Jul 28  2023 60-galera.cnf
> -rw-r--r-- 1 root root   28 May 16 16:33 99-exim.cnf
> -rw-r--r-- 1 root root   76 Jun  5  2023 provider_bzip2.cnf
> -rw-r--r-- 1 root root   72 Jun  5  2023 provider_lz4.cnf
> -rw-r--r-- 1 root root   74 Jun  5  2023 provider_lzma.cnf
> -rw-r--r-- 1 root root   72 Jun  5  2023 provider_lzo.cnf
> -rw-r--r-- 1 root root   78 Jun  5  2023 provider_snappy.cnf
>
> # cat /etc/mysql/mariadb.conf.d/99-exim.cnf
> [exim]
>    ssl-mode=REQUIRED



[exim] Re: MySQL connection with SSL

2024-05-16 Thread Jeremy Harris via Exim-users

On 16/05/2024 21:28, Gandalf Corvotempesta via Exim-users wrote:

> # strace exim -be  2>&1 | grep my.cnf
> ${lookup mysql{SELECT password AS password}}
> access("/etc/my.cnf", R_OK) = -1 ENOENT (No such file or directory)
> access("/etc/mysql/my.cnf", R_OK)   = 0
> openat(AT_FDCWD, "/etc/mysql/my.cnf", O_RDONLY) = 3
> access("/etc/mysql/conf.d//my.cnf", R_OK) = -1 ENOENT (No such file or directory)
> access("/etc/mysql/mariadb.conf.d//my.cnf", R_OK) = -1 ENOENT (No such file or directory)


So it looks for mariadb.conf.d//my.cnf ; doesn't find it,
and does not access any of the files that *are* in that directory.

Meantime, your config's includes:



> # tail -n5 /etc/mysql/my.cnf
> socket = /run/mysqld/mysqld.sock
>
> # Import all .cnf files from configuration directory
> !includedir /etc/mysql/conf.d/
> !includedir /etc/mysql/mariadb.conf.d/

...  (I'm guessing) say to look first in a directory called conf.d -
and we don't see the strace doing that either.

I think you're not running the mysql configuration you think you are running.

--
Cheers,
  Jeremy




[exim] Recipient verification and user .forward files

2024-05-16 Thread Ian Z via Exim-users
The thread about adding forwarding headers makes me think about how
verification is done in the context of forwarding. I'm looking at
section 44.25 of the spec where it talks about "generated child
addresses" and how it is decided if these are also recursively
verified. It doesn't say but it sounds as if this is about addresses
generated by a redirect router with a data option, such as one
handling the traditional /etc/aliases file.

But what about forwarding resulting from rules in user .forward files
in either exim filter or sieve format? Since the rules can mention
headers, they can't be evaluated at RCPT time, so "child address
generation" this way doesn't even make sense if the verification is
done from the ACL that runs at this stage. So does it mean such
destinations are not recursively verified? And does this mean the
recommended method of gathering info for the forwarding headers won't
work in this situation?

-- 
Ian



[exim] Re: Recipient verification and user .forward files

2024-05-16 Thread Jeremy Harris via Exim-users

On 16/05/2024 22:02, Ian Z via Exim-users wrote:

> But what about forwarding resulting from rules in user .forward files
> in either exim filter or sieve format?

It will be a redirect router accessing those files or filters.
--
Cheers,
  Jeremy




[exim] Re: Recipient verification and user .forward files

2024-05-16 Thread Ian Z via Exim-users
On Thu, May 16, 2024 at 10:16:42PM GMT, Jeremy Harris via Exim-users wrote:

> > But what about forwarding resulting from rules in user .forward
> > files in either exim filter or sieve format?

> It will be a redirect router accessing those files or filters.

I understand that a redirect router will eventually handle the message
for actual routing. But my question is about verification, and in
particular about the situation where a RCPT stage ACL will have verify
= recipient. The filter can't be evaluated at that stage.

-- 
Ian



[exim] Re: Recipient verification and user .forward files

2024-05-16 Thread Jeremy Harris via Exim-users

On 16/05/2024 22:32, Ian Z via Exim-users wrote:

> But my question is about verification, and in
> particular about the situation where a RCPT stage ACL will have verify
> = recipient. The filter can't be evaluated at that stage.


Verification consists of running the routing process; the same router
chain as is used for delivery (apart from anything you specifically
set up to be different by using the verify_{only,recipient,sender}
option(s) on specific routers).  I'm not sure why you think a filter
cannot be evaluated.
--
Cheers,
  Jeremy

