Mailing List Archive

PRDR config example
Hello,

I'm trying to get the PRDR extension to work but can't find any
documentation about its ACL. All I see is the global option
'prdr_enable' and the ACL 'acl_smtp_data_prdr'. But I don't know how to
use it.

Currently, the ACL 'acl_smtp_data' has this:

> # Add marker to the subject above the configured threshold
> warn
> !authenticated = *
> condition = ${if <{$message_size}{5242880}{1}{0}}
> spam = nobody:true
> condition = ${if >={${lookup pgsql{SQL_SPAMMRK}{$value}}}{10}{1}{0}}
> condition = ${if >={$spam_score_int}{${lookup pgsql{SQL_SPAMMRK}{$value}}}{1}{0}}
> set acl_m_subject = $header_Subject: *** Spam $spam_score
> remove_header = Subject
> add_header = Subject: $acl_m_subject
>
> # Reject spam at high scores (see database value, minimum score for reject is 10 = 1.0)
> deny
> !authenticated = *
> condition = ${if <{$message_size}{5242880}{1}{0}}
> spam = nobody:true
> condition = ${if >={${lookup pgsql{SQL_SPAMFLT}{$value}}}{10}{1}{0}}
> condition = ${if >={$spam_score_int}{${lookup pgsql{SQL_SPAMFLT}{$value}}}{1}{0}}
> add_header = X-Spam-Score: $spam_score ($spam_bar)
> add_header = X-Spam-Report: $spam_report
> message = Your message was rejected by recipient preference because it scored $spam_score spam points.

Here's the referenced SQL queries:

> SQL_SPAMFLT = \
> select spam_filter \
> from mail_entries \
> where local || '@' || domain = '${quote_pgsql:$acl_m_rcpt_addr}'
> SQL_SPAMMRK = \
> select spam_marker \
> from mail_entries \
> where local || '@' || domain = '${quote_pgsql:$acl_m_rcpt_addr}'

This adds a marker to the subject and/or rejects the message depending
on the database record. The $acl_m_rcpt_addr value is set in the RCPT
ACL, but it can only be set once. I need another way to know the current
recipient for each recipient.

It's also unclear how the PRDR and DATA ACLs interoperate. I don't
understand what the documentation says about it, it's very vague.

An example for this would be very helpful. I could not find any
configuration info on the web for Exim with PRDR. Looks like nobody uses it.

I want to set this up so that multiple recipients in a single message
can be delivered in one go. Previously, I had to defer all from the
second recipient so that content filtering works properly. This delays
additional recipients by many minutes.

Would this check in the RCPT ACL be correct then?

> defer
> message = only one recipient at a time, or use PRDR
> condition = $prdr_requested
> condition = ${if def:acl_m_rcpt_addr {1}{0}}

I think the first condition needs to be inverted but how does that work?

-Yves

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: PRDR config example [ In reply to ]
On 28/09/2020 20:52, Yves Goergen via Exim-users wrote:
> I'm trying to get the PRDR extension to work but can't find any
> documentation about its ACL. All I see is the global option
> 'prdr_enable' and the ACL 'acl_smtp_data_prdr'. But I don't know how to
> use it.

It gives you a chance to accept/reject individual recipients of
a multi-recipient message. But only when the sending system
has flagged that they can handle the feature.

It gets called once for each recipient, and $local_part
and $domain will have the values for the recicpient.
(docs ACL chapter, section 9).


> It's also unclear how the PRDR and DATA ACLs interoperate. I don't
> understand what the documentation says about it, it's very vague.

The DATA ACL will still be called (after); it could reject the message
even if some single recipients are still non-rejected after
the set of PRDR ACL calls.

You need to write suitable ACL coding to ensure you don't do
no-longer-needed operations in DATA ACL for a message where PRDR
is being done.


> I want to set this up so that multiple recipients in a single message
> can be delivered in one go. Previously, I had to defer all from the
> second recipient so that content filtering works properly. This delays
> additional recipients by many minutes.

Yup, that's why PRDR exists.

> Would this check in the RCPT ACL be correct then?

ACLs chapter, section 26 on ACL conditions.

>
>>     defer
>>         message = only one recipient at a time, or use PRDR
>>         condition = $prdr_requested
>>         condition = ${if def:acl_m_rcpt_addr {1}{0}}
>

You're using a "condition" general-purpose condition. It takes
a possibly-empty string. Generate a suitable string for your
needs using a string-expansion (chapter 11).


Use the "concept index" to navigate the docs
(
http://exim.org/exim-html-current/doc/html/spec_html/ch-concept_index.html )
--
Cheers,
Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: PRDR config example [ In reply to ]
Thank you, I could find solutions for this now. Basically I repeated the
DATA ACL condition that uses SpamAssassin and duplicated it into the
PRDR ACL, but with the other variables in the SQL query. Then I added
the inverted PRDR condition to the existing condition to not repeat it
for the final response:

> # Reject spam at high scores (see database value, minimum score for reject is 10 = 1.0)
> deny
> !authenticated = *
> # Don't repeat if already done with PRDR
> condition = ${if !bool{$prdr_requested}}
> condition = ${if <{$message_size}{5242880}}
> spam = nobody:true
> condition = ${if >={${lookup pgsql{SQL_SPAMFLT}{$value}}}{10}}
> condition = ${if >={$spam_score_int}{${lookup pgsql{SQL_SPAMFLT}{$value}}}}
> message = Your message was rejected by recipient preference because it scored $spam_score spam points.

One last question:

Can I add individual headers to the messages for each recipient? The
condition shown above can reject a message above the user's individual
threshold, but the other feature from my previous mail would add a
marker to the subject above the user's other threshold.

Could I use add_header in the PRDR ACL and have the header added to the
recipient's copy of the message only?

-Yves



-------- Ursprüngliche Nachricht --------
Von: Jeremy Harris via Exim-users <exim-users@exim.org>
Gesendet: Montag, 28. September 2020, 23:13 MESZ
Betreff: [exim] PRDR config example

On 28/09/2020 20:52, Yves Goergen via Exim-users wrote:
I'm trying to get the PRDR extension to work but can't find any
documentation about its ACL. All I see is the global option
'prdr_enable' and the ACL 'acl_smtp_data_prdr'. But I don't know how to
use it.

It gives you a chance to accept/reject individual recipients of
a multi-recipient message. But only when the sending system
has flagged that they can handle the feature.

It gets called once for each recipient, and $local_part
and $domain will have the values for the recicpient.
(docs ACL chapter, section 9).


It's also unclear how the PRDR and DATA ACLs interoperate. I don't
understand what the documentation says about it, it's very vague.

The DATA ACL will still be called (after); it could reject the message
even if some single recipients are still non-rejected after
the set of PRDR ACL calls.

You need to write suitable ACL coding to ensure you don't do
no-longer-needed operations in DATA ACL for a message where PRDR
is being done.


I want to set this up so that multiple recipients in a single message
can be delivered in one go. Previously, I had to defer all from the
second recipient so that content filtering works properly. This delays
additional recipients by many minutes.

Yup, that's why PRDR exists.

Would this check in the RCPT ACL be correct then?

ACLs chapter, section 26 on ACL conditions.


    defer
        message = only one recipient at a time, or use PRDR
        condition = $prdr_requested
        condition = ${if def:acl_m_rcpt_addr {1}{0}}


You're using a "condition" general-purpose condition. It takes
a possibly-empty string. Generate a suitable string for your
needs using a string-expansion (chapter 11).


Use the "concept index" to navigate the docs
(
http://exim.org/exim-html-current/doc/html/spec_html/ch-concept_index.html )



--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: PRDR config example [ In reply to ]
On 28/09/2020 23:47, Yves Goergen via Exim-users wrote:
> Can I add individual headers to the messages for each recipient?

No, not in ACL. There's still only the one message.
--
Cheers,
Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/