Controlling Exim SMTP behaviour from Dovecot password data

jonyesno


Given this Dovecot PasswdFile with a homegrown smtp ExtraField:

$ head -1 /data/example.org/etc/passwd
foo@example.org:{MD5-CRYPT}$1$HASH-U-LIKE::::::updated=1409712878 smtp=no

Then this Exim ACL snippet forbids the user from sending mail. Dovecot will still allow them to log in (so they can receive the mail asking them to change their password), and so will ancillary systems that authenticate with the same data (e.g. the password-changing facility):

  deny    authenticated = *
          message       = User must change password before sending any new mail. See https://example.org/notices
          set acl_c_auth_sender_address = $authenticated_id
          set acl_c_auth_sender_domain  = ${extract{-1}{@}{$acl_c_auth_sender_address}}
          set acl_c_user_passwd_entry   = ${lookup{${acl_c_auth_sender_address}}lsearch{/data/${acl_c_auth_sender_domain}/etc/passwd}}
          set acl_c_user_passwd_fields  = ${extract{-1}{:}{$acl_c_user_passwd_entry}}
          set acl_c_user_smtp_field     = ${extract{smtp}{$acl_c_user_passwd_fields}}
          condition     = ${if eq{$acl_c_user_smtp_field}{no}}
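
To check which accounts the ACL above would block before relying on it, the same extraction chain can be replayed offline. This is an added example, not code from the original post: the function names and the bar/baz entries are constructed, the lsearch and extract handling is a simplified model of Exim's, and the domain check in passwd_path is an added assumption that the ACL itself does not perform.

```python
import re

# Constructed sample entries in the page's passwd-file layout (not real accounts).
SAMPLE_PASSWD = """\
foo@example.org:{MD5-CRYPT}$1$HASH-U-LIKE::::::updated=1409712878 smtp=no
bar@example.org:{MD5-CRYPT}$1$HASH-U-LIKE::::::updated=1409712999
baz@example.org:{MD5-CRYPT}$1$HASH-U-LIKE::::::smtp=yes
"""

def passwd_path(authenticated_id, root="/data"):
    """Path the ACL's lsearch opens; the domain check is an added assumption."""
    domain = authenticated_id.rsplit("@", 1)[-1]  # ${extract{-1}{@}{...}}
    if not re.fullmatch(r"[A-Za-z0-9.-]+", domain) or ".." in domain:
        raise ValueError(f"unsafe domain in authenticated id: {domain!r}")
    return f"{root}/{domain}/etc/passwd"

def lsearch(key, text):
    """Simplified stand-in for Exim lsearch: colon-terminated key, case-insensitive."""
    for line in text.splitlines():
        found, sep, data = line.partition(":")
        if sep and found.lower() == key.lower():
            return data.strip()
    return None

def smtp_field(authenticated_id, passwd_text):
    """Value of smtp= in the last colon-separated field, or None if absent."""
    entry = lsearch(authenticated_id, passwd_text)
    if entry is None:
        return None  # no such user in the file
    extra = entry.rsplit(":", 1)[-1]  # ${extract{-1}{:}{...}}
    pairs = dict(p.split("=", 1) for p in extra.split() if "=" in p)
    return pairs.get("smtp")  # ${extract{smtp}{...}}

def acl_denies(authenticated_id, passwd_text):
    """Mirror of the condition: deny only on an explicit smtp=no."""
    return smtp_field(authenticated_id, passwd_text) == "no"

if __name__ == "__main__":
    for user in ("foo@example.org", "bar@example.org", "nobody@example.org"):
        verdict = "deny" if acl_denies(user, SAMPLE_PASSWD) else "allow"
        print(user, passwd_path(user), verdict)
```

An account that is missing from the file, or whose entry has no smtp field, is not denied: the block only applies where smtp=no is set explicitly.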