.cindex "header lines" "verifying header names only ASCII"
.cindex "verifying" "header names only ASCII"
This condition is relevant only in an ACL that is run after a message has been
-received, that is, in an ACL specified by &%acl_smtp_data%& or
-&%acl_not_smtp%&. It checks all header names (not the content) to make sure
+received.
+This usually means an ACL specified by &%acl_smtp_data%& or &%acl_not_smtp%&.
+It checks all header names (not the content) to make sure
there are no non-ASCII characters, also excluding control characters. The
allowable characters are decimal ASCII values 33 through 126.
(eg. is generated from the received message)
they must be protected from the options parsing by doubling:
.code
-verify = sender=${sg{${address:$h_sender:}}{/}{//}}
+verify = sender=${listquote{/}{${address:$h_sender:}}}
.endd
.endlist
expanded; previously using tainted values was rejected. Fix by using
dynamically-created buffers.
+JH/09 Relax restrictions on ACL verify condition needing access to message
+ headers. Previously they were only permitted in data and non-smtp ACLs;
+ permit also mime, dkim, prdr quit and notquit. Applies to header-syntax,
+ not_blind, header_sender and header_names_ascii verification.
+
Exim version 4.94
-----------------
{ US"certificate", VERIFY_CERT, (unsigned)~0, TRUE, 0 },
{ US"helo", VERIFY_HELO, (unsigned)~0, TRUE, 0 },
{ US"csa", VERIFY_CSA, (unsigned)~0, FALSE, 0 },
- { US"header_syntax", VERIFY_HDR_SYNTAX, ACL_BIT_DATA | ACL_BIT_NOTSMTP, TRUE, 0 },
- { US"not_blind", VERIFY_NOT_BLIND, ACL_BIT_DATA | ACL_BIT_NOTSMTP, FALSE, 0 },
- { US"header_sender", VERIFY_HDR_SNDR, ACL_BIT_DATA | ACL_BIT_NOTSMTP, FALSE, 0 },
+ { US"header_syntax", VERIFY_HDR_SYNTAX, ACL_BITS_HAVEDATA, TRUE, 0 },
+ { US"not_blind", VERIFY_NOT_BLIND, ACL_BITS_HAVEDATA, FALSE, 0 },
+ { US"header_sender", VERIFY_HDR_SNDR, ACL_BITS_HAVEDATA, FALSE, 0 },
{ US"sender", VERIFY_SNDR, ACL_BIT_MAIL | ACL_BIT_RCPT
| ACL_BIT_PREDATA | ACL_BIT_DATA | ACL_BIT_NOTSMTP,
FALSE, 6 },
{ US"recipient", VERIFY_RCPT, ACL_BIT_RCPT, FALSE, 0 },
- { US"header_names_ascii", VERIFY_HDR_NAMES_ASCII, ACL_BIT_DATA | ACL_BIT_NOTSMTP, TRUE, 0 },
+ { US"header_names_ascii", VERIFY_HDR_NAMES_ASCII, ACL_BITS_HAVEDATA, TRUE, 0 },
#ifdef EXPERIMENTAL_ARC
{ US"arc", VERIFY_ARC, ACL_BIT_DATA, FALSE , 0 },
#endif
#define ACL_BIT_MIME BIT(ACL_WHERE_MIME)
#define ACL_BIT_DKIM BIT(ACL_WHERE_DKIM)
#define ACL_BIT_DATA BIT(ACL_WHERE_DATA)
-#ifndef DISABLE_PRDR
+#ifdef DISABLE_PRDR
+# define ACL_BIT_PRDR 0
+#else
# define ACL_BIT_PRDR BIT(ACL_WHERE_PRDR)
#endif
#define ACL_BIT_NOTSMTP BIT(ACL_WHERE_NOTSMTP)
#define ACL_BIT_DELIVERY BIT(ACL_WHERE_DELIVERY)
#define ACL_BIT_UNKNOWN BIT(ACL_WHERE_UNKNOWN)
+#define ACL_BITS_HAVEDATA (ACL_BIT_MIME | ACL_BIT_DKIM | ACL_BIT_DATA \
+ | ACL_BIT_PRDR \
+ | ACL_BIT_NOTSMTP | ACL_BIT_QUIT | ACL_BIT_NOTQUIT)
+
/* Situations for spool_write_header() */
git://git.exim.org / users / heiko / exim.git / commitdiff