Thanks to Mike and Steve for suggestions! I've yet to try them out, but I'm sure they'll come in handy :)
Regards,
Fredrik

Mike Cardwell wrote:
> Fredrik Melander wrote:
>
>> On behalf of my employer I'm trying to port a script I used to parse
>> x509-certificates with Postfix to work with Exim. This is my very first
>> experience with Exim so bear with me if my questions come across as
>> stupid. I did briefly plough through "The Exim SMTP mail server" (Hazel)
>> and searched the archive, unfortunately without ending up that much
>> wiser (well, in this regard).
>>
>> What I want to do is something along the following lines:
>>
>> Let's say I have a daemon process in form of a python-script listening
>> on a certain port on my machine. Upon receiving an x509-certificate from
>> a remote machine Exim delegates this to my script, preferably over TCP
>> but if not possible also through a pipe or similar. My script will then
>> decide if the email should be accepted or not.
>>
>> With postfix I would simply have my daemon listening to a port of my
>> liking, say 5244, and then use a rule like:
>>
>> smtpd_recipient_restrictions = check_policy_service inet:localhost:5244
>>
>> ...and so on... With Exim I've seen two options that I figure could do
>> something similar. First, the queryprogram router, and secondly the
>> run-command (in string expansions). The problem I see with these is
>> that my script gets started and stopped each time an email arrives
>> instead of remaining running as a daemon. Secondly, I haven't figured
>> out how to pass the appropriate arguments to them (with Postfix, for
>> example, I'd get a nice array with information about the client and its
>> certificate "for free" without explicitly having to ask for it).
>>
>> I'm afraid my limited experience with Exim kind of prevents me from
>> asking the right questions, but I'd be very happy for any suggestions in
>> the matter. Is my problem somewhat clear? Are there any other possible
>> ways of achieving this? Is it at all possible for Exim to call my script
>> over a TCP-port like stated above?
>
> You can connect to a tcp port by using the "readsocket" expansion as
> described on
> http://www.exim.org/exim-html-current/doc/html/spec_html/ch11.html
>
> I'm not sure if you can get access to the certificate details that you
> want though. $tls_peerdn contains the client certificate distinguished
> name if that is enough? You can also get the cipher used from
> $tls_cipher and whether or not the certificate verified from
> $tls_certificate_verified. They are all described on the same page as
> readsocket.
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
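A sketch of the long-running policy daemon discussed in this thread, added here as an example and not code from any poster or from Exim. It assumes Exim's readsocket request is a single line of the form `<$tls_certificate_verified> <$tls_peerdn>`, that the reply is `accept` or `reject`, and that the allow-listed DN (a constructed value) matches the DN string format your Exim build produces.

```python
import socketserver

# Constructed allow-list of client certificate subjects (hypothetical value;
# the exact DN string format depends on the TLS library Exim is built with).
ALLOWED_DNS = {"CN=relay.example.org,O=Example Org,C=SE"}
MAX_LINE = 1024  # refuse oversized requests instead of buffering them


def decide(line: str) -> str:
    """Return 'accept' or 'reject' for one '<verified> <peer DN>' line."""
    # The flag comes first because a DN may itself contain spaces.
    verified, _, dn = line.strip().partition(" ")
    # Fail closed: without a verified chain the DN is only the client's claim.
    if verified != "1":
        return "reject"
    return "accept" if dn.strip() in ALLOWED_DNS else "reject"


class PolicyHandler(socketserver.StreamRequestHandler):
    timeout = 5  # seconds; a stalled peer cannot hold a handler open

    def handle(self):
        try:
            raw = self.rfile.readline(MAX_LINE + 1)
        except OSError:  # includes socket timeouts
            return
        if len(raw) > MAX_LINE:
            verdict = "reject"
        else:
            verdict = decide(raw.decode("utf-8", errors="replace"))
        self.wfile.write(verdict.encode() + b"\n")


def serve(host="127.0.0.1", port=5244):
    # Loopback only, so that only local processes such as Exim can query it.
    with socketserver.ThreadingTCPServer((host, port), PolicyHandler) as srv:
        srv.serve_forever()


if __name__ == "__main__":
    serve()
```

On the Exim side, treat any reply other than `accept`, including a failed or timed-out lookup, as a rejection so that a stopped daemon does not open the relay.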
