\accept\: If all the conditions are met, the ACL returns `accept'. If any of
the conditions are not met, what happens depends on whether \endpass\ appears
among the conditions (for syntax see below). If the failing condition is before
\accept\: If all the conditions are met, the ACL returns `accept'. If any of
the conditions are not met, what happens depends on whether \endpass\ appears
among the conditions (for syntax see below). If the failing condition is before
command is accepted if verification succeeds. However, if verification fails,
the ACL yields `deny', because the failing condition is after \endpass\.
.nextp
command is accepted if verification succeeds. However, if verification fails,
the ACL yields `deny', because the failing condition is after \endpass\.
.nextp
\defer\: If all the conditions are met, the ACL returns `defer' which, in an
SMTP session, causes a 4\*xx*\ response to be given. For a non-SMTP ACL,
\defer\ is the same as \deny\, because there is no way of sending a temporary
\defer\: If all the conditions are met, the ACL returns `defer' which, in an
SMTP session, causes a 4\*xx*\ response to be given. For a non-SMTP ACL,
\defer\ is the same as \deny\, because there is no way of sending a temporary
\%redirect%\ router and \":defer:"\ while verifying, but the \defer\ verb can
be used in any ACL, and even for a recipient it might be a simpler approach.
.nextp
\%redirect%\ router and \":defer:"\ while verifying, but the \defer\ verb can
be used in any ACL, and even for a recipient it might be a simpler approach.
.nextp
\deny\: If all the conditions are met, the ACL returns `deny'. If any of the
conditions are not met, control is passed to the next ACL statement. For
example,
\deny\: If all the conditions are met, the ACL returns `deny'. If any of the
conditions are not met, control is passed to the next ACL statement. For
example,
\discard\: This verb behaves like \accept\, except that it returns `discard'
from the ACL instead of `accept'. It is permitted only on ACLs that are
concerned with receiving messages, and it causes recipients to be discarded.
\discard\: This verb behaves like \accept\, except that it returns `discard'
from the ACL instead of `accept'. It is permitted only on ACLs that are
concerned with receiving messages, and it causes recipients to be discarded.
\drop\: This verb behaves like \deny\, except that an SMTP connection is
forcibly closed after the 5\*xx*\ error message has been sent. For example:
.display asis
\drop\: This verb behaves like \deny\, except that an SMTP connection is
forcibly closed after the 5\*xx*\ error message has been sent. For example:
.display asis
There is no difference between \deny\ and \drop\ for the connect-time ACL. The
connection is always dropped after sending a 550 response.
.nextp
There is no difference between \deny\ and \drop\ for the connect-time ACL. The
connection is always dropped after sending a 550 response.
.nextp
\require\: If all the conditions are met, control is passed to the next ACL
statement. If any of the conditions are not met, the ACL returns `deny'. For
example, when checking a \\RCPT\\ command,
\require\: If all the conditions are met, control is passed to the next ACL
statement. If any of the conditions are not met, the ACL returns `deny'. For
example, when checking a \\RCPT\\ command,
passes control to subsequent statements only if the message's sender can be
verified. Otherwise, it rejects the command.
.nextp
passes control to subsequent statements only if the message's sender can be
verified. Otherwise, it rejects the command.
.nextp
\warn\: If all the conditions are met, a header line is added to an incoming
message and/or a line is written to Exim's main log. In all cases, control
passes to the next ACL statement. The text of the added header line and the log
\warn\: If all the conditions are met, a header line is added to an incoming
message and/or a line is written to Exim's main log. In all cases, control
passes to the next ACL statement. The text of the added header line and the log
.em
This modifier affects the subsequent processing of the SMTP connection or of an
incoming message that is accepted. The effect of the first type of control
.em
This modifier affects the subsequent processing of the SMTP connection or of an
incoming message that is accepted. The effect of the first type of control
.index \-bh-\ option
This modifier causes Exim to wait for the time interval before proceeding. The
time is given in the usual Exim notation. This modifier may appear in any ACL.
.index \-bh-\ option
This modifier causes Exim to wait for the time interval before proceeding. The
time is given in the usual Exim notation. This modifier may appear in any ACL.
This modifier, which has no argument, is recognized only in \accept\
statements. It marks the boundary between the conditions whose failure causes
control to pass to the next statement, and the conditions whose failure causes
the ACL to return `deny'. See the description of \accept\ above.
.item "log@_message = <<text>>"
This modifier, which has no argument, is recognized only in \accept\
statements. It marks the boundary between the conditions whose failure causes
control to pass to the next statement, and the conditions whose failure causes
the ACL to return `deny'. See the description of \accept\ above.
.item "log@_message = <<text>>"
This modifier sets up a message that is used as part of the log message if the
ACL denies access or a \warn\ statement's conditions are true. For example:
.display asis
This modifier sets up a message that is used as part of the log message if the
ACL denies access or a \warn\ statement's conditions are true. For example:
.display asis
.index log||in ACL, immediate
This modifier writes a message to a log file as soon as it is encountered when
processing an ACL. (Compare \log@_message\, which, except in the case of
.index log||in ACL, immediate
This modifier writes a message to a log file as soon as it is encountered when
processing an ACL. (Compare \log@_message\, which, except in the case of
This modifier sets up a text string that is expanded and used as an error
message if the current statement causes the ACL to deny access. The expansion
happens at the time Exim decides that access is to be denied, not at the time
This modifier sets up a text string that is expanded and used as an error
message if the current statement causes the ACL to deny access. The expansion
happens at the time Exim decides that access is to be denied, not at the time
use a \message\ modifier, or make use of \$acl@_verify@_message$\.
.item "set <<acl@_name>> = <<value>>"
use a \message\ modifier, or make use of \$acl@_verify@_message$\.
.item "set <<acl@_name>> = <<value>>"
.rset SECTaddheadwarn "~~chapter.~~section"
.index header lines||adding in an ACL
.index header lines||position of added lines
.rset SECTaddheadwarn "~~chapter.~~section"
.index header lines||adding in an ACL
.index header lines||position of added lines
The \message\ modifier can be used on a \warn\ statement to add an extra header
line to an incoming message, as in this example:
.display asis
The \message\ modifier can be used on a \warn\ statement to add an extra header
line to an incoming message, as in this example:
.display asis
The possible values of the argument are the same as for the
\acl@_smtp@_$it{xxx}\ options. The named or inline ACL is run. If it returns
`accept' the condition is true; if it returns `deny' the condition is false. If
The possible values of the argument are the same as for the
\acl@_smtp@_$it{xxx}\ options. The named or inline ACL is run. If it returns
`accept' the condition is true; if it returns `deny' the condition is false. If
commands for different local users or different local domains.
.item "authenticated = <<string list>>"
commands for different local users or different local domains.
.item "authenticated = <<string list>>"
.index authentication||ACL checking
.index ~~ACL||testing for authentication
If the SMTP connection is not authenticated, the condition is false. Otherwise,
.index authentication||ACL checking
.index ~~ACL||testing for authentication
If the SMTP connection is not authenticated, the condition is false. Otherwise,
.index customizing||ACL condition
.index ~~ACL||customized test
.index ~~ACL||testing, customized
.index customizing||ACL condition
.index ~~ACL||customized test
.index ~~ACL||testing, customized
This condition is available only when Exim is compiled with the
content-scanning extension, and it is allowed only the the ACL defined by
\acl@_smtp@_mime\. It causes the current MIME part to be decoded into a file.
This condition is available only when Exim is compiled with the
content-scanning extension, and it is allowed only the the ACL defined by
\acl@_smtp@_mime\. It causes the current MIME part to be decoded into a file.
here. See sections ~~SECTmorednslists--~~SECTmorednslistslast for details.
.item "domains = <<domain list>>"
here. See sections ~~SECTmorednslists--~~SECTmorednslistslast for details.
.item "domains = <<domain list>>"
.index domain||ACL checking
.index ~~ACL||testing a recipient domain
This condition is relevant only after a \\RCPT\\ command. It checks that the
.index domain||ACL checking
.index ~~ACL||testing a recipient domain
This condition is relevant only after a \\RCPT\\ command. It checks that the
.index encryption||checking in an ACL
.index ~~ACL||testing for encryption
If the SMTP connection is not encrypted, the condition is false. Otherwise, the
.index encryption||checking in an ACL
.index ~~ACL||testing for encryption
If the SMTP connection is not encrypted, the condition is false. Otherwise, the
.index host||ACL checking
.index ~~ACL||testing the client host
This condition tests that the calling host matches the host list. If you have
.index host||ACL checking
.index ~~ACL||testing the client host
This condition tests that the calling host matches the host list. If you have
.index local part||ACL checking
.index ~~ACL||testing a local part
This condition is relevant only after a \\RCPT\\ command. It checks that the
.index local part||ACL checking
.index ~~ACL||testing a local part
This condition is relevant only after a \\RCPT\\ command. It checks that the
.index ~~ACL||virus scanning
.index ~~ACL||scanning for viruses
This condition is available only when Exim is compiled with the
.index ~~ACL||virus scanning
.index ~~ACL||scanning for viruses
This condition is available only when Exim is compiled with the
.index ~~ACL||testing by regex matching
This condition is available only when Exim is compiled with the
content-scanning extension, and it is allowed only the the ACL defined by
.index ~~ACL||testing by regex matching
This condition is available only when Exim is compiled with the
content-scanning extension, and it is allowed only the the ACL defined by
.index recipient||ACL checking
.index ~~ACL||testing a recipient
This condition is relevant only after a \\RCPT\\ command. It checks the entire
.index recipient||ACL checking
.index ~~ACL||testing a recipient
This condition is relevant only after a \\RCPT\\ command. It checks the entire
.index ~~ACL||testing by regex matching
This condition is available only when Exim is compiled with the
content-scanning extension. It causes the incoming message to be scanned
.index ~~ACL||testing by regex matching
This condition is available only when Exim is compiled with the
content-scanning extension. It causes the incoming message to be scanned
.index sender||ACL checking
.index ~~ACL||testing a sender domain
This condition tests the domain of the sender of the message against the given
.index sender||ACL checking
.index ~~ACL||testing a sender domain
This condition tests the domain of the sender of the message against the given
.index sender||ACL checking
.index ~~ACL||testing a sender
This condition tests the sender of the message against the given list. To test
.index sender||ACL checking
.index ~~ACL||testing a sender
This condition tests the sender of the message against the given list. To test
.index ~~ACL||scanning for spam
This condition is available only when Exim is compiled with the
content-scanning extension. It causes the incoming message to be scanned by
.index ~~ACL||scanning for spam
This condition is available only when Exim is compiled with the
content-scanning extension. It causes the incoming message to be scanned by
.index TLS||client certificate verification
.index certificate||verification of client
.index ~~ACL||certificate verification
.index TLS||client certificate verification
.index certificate||verification of client
.index ~~ACL||certificate verification
.index ~~ACL||verifying sender in the header
.index header lines||verifying the sender in
.index sender||verifying in header
.index ~~ACL||verifying sender in the header
.index header lines||verifying the sender in
.index sender||verifying in header
.index ~~ACL||verifying header syntax
.index header lines||verifying syntax
.index verifying||header syntax
.index ~~ACL||verifying header syntax
.index header lines||verifying syntax
.index verifying||header syntax
.index ~~ACL||verifying HELO/EHLO
.index \\HELO\\||verifying
.index \\EHLO\\||verifying
.index ~~ACL||verifying HELO/EHLO
.index \\HELO\\||verifying
.index \\EHLO\\||verifying
.index ~~ACL||verifying recipient
.index recipient||verifying
.index verifying||recipient
.index ~~ACL||verifying recipient
.index recipient||verifying
.index verifying||recipient
.index ~~ACL||verifying host reverse lookup
.index host||verifying reverse lookup
This condition ensures that a verified host name has been looked up from the IP
.index ~~ACL||verifying host reverse lookup
.index host||verifying reverse lookup
This condition ensures that a verified host name has been looked up from the IP