:: Re: [DNG] dovecot / exim4 / system …
Top Page
Delete this message
Reply to this message
Author: Andrew McGlashan
Date:  
To: dng
Subject: Re: [DNG] dovecot / exim4 / system users -- restriction of emails per user
Hi,

Okay, this is how I've managed to /mostly/ sort this problem; logging is
my friend and I can keep outgoing emails for verification.

I've adjusted an acl entry to add a temporary header as follows:

/etc/exim4/conf.d/acl/30_exim4-config_check_rcpt

  accept
    authenticated = *
    add_header = X-Authenticated-User: Yes by example.org --
${authenticated_id} -- sender address: ${sender_address}


I also put that up a little higher in the config file to make sure I get
the header added.


That gives me a header to use in the /etc/exim4/system_filter

Then in the system_filter I have the following:


if $h_X-Authenticated-User: contains "Yes by example.org"
then
        logfile /backup/mail/system_filter_all_mail/authenticated_emails.log
        logwrite
"$tod_log\t$message_id\t$message_size\tX-Authenticated-User:
~$h_X-Authenticated-User:~\t-- reply address: $reply_address"
        logwrite "$sender_host_address $sender_address"
        logwrite "$reply_address"
        logwrite "$h_to"
        logwrite "$h_subject:\n\n"
        logwrite "$sender_address_domain"
        logwrite
"/backup/mail/system_filter_all_mail/authenticated/$authenticated_id/$sender_address_domain/$sender_host_address/.${tr{$sender_address}{.}{_}}/${length_99:${tr{$recipients}{.,\040}{_--}}}/"
        unseen save
/backup/mail/system_filter_all_mail/authenticated/$authenticated_id/$sender_address_domain/$sender_host_address/.${tr{$sender_address}{.}{_}}/${length_99:${tr{$recipients}{.,\040}{_--}}}/
else
        logfile
/backup/mail/system_filter_all_mail/non-authenticated_emails.log
        logwrite "$tod_log\t$message_id\t$message_size"
        logwrite "$sender_host_address $sender_address"
        logwrite "$reply_address"
        logwrite "$h_to"
        logwrite "$h_subject:\n\n"
        logwrite "$sender_address_domain"
endif



# Remove this specially added header as it should not be sent externally
to anybody
# as it gives away the user's authentication id (username)
headers remove "X-Authenticated-User"


Now, that works fine with normal usage, but I still need a way with
SquirrelMail -- that won't give me the authenticated_id :(

Kind Regards
AndrewM