# HG changeset patch # User Heiko Schlittermann (JUMPER) # Date 1426852887 -3600 # Node ID 855b60db012909e08dfee671f953abbc19610039 # Parent ac1700753eea6bc9564de7f84bfb0937114066ab callout added diff -r ac1700753eea -r 855b60db0129 .hgignore --- a/.hgignore Wed Mar 18 23:23:21 2015 +0100 +++ b/.hgignore Fri Mar 20 13:01:27 2015 +0100 @@ -1,4 +1,5 @@ syntax:glob +*.eps *.aux *.log *.nav diff -r ac1700753eea -r 855b60db0129 Makefile --- a/Makefile Wed Mar 18 23:23:21 2015 +0100 +++ b/Makefile Fri Mar 20 13:01:27 2015 +0100 @@ -6,7 +6,7 @@ FRAMES = $(wildcard frames/*tex) OUT = $(wildcard out/*) DIA = $(wildcard dia/*.dia) -IMAGES = $(notdir $(DIA:.dia=.pdf)) +IMAGES = $(notdir $(DIA:.dia=.pdf)) $(notdir $(DIA:.dia=.eps)) .PHONY: clean @@ -25,3 +25,6 @@ %.pdf: dia/%.dia dia --export $@ $< + +%.eps: dia/%.dia + dia --export $@ $< diff -r ac1700753eea -r 855b60db0129 clt2015.tex --- a/clt2015.tex Wed Mar 18 23:23:21 2015 +0100 +++ b/clt2015.tex Fri Mar 20 13:01:27 2015 +0100 @@ -44,8 +44,13 @@ % -- Transport \input{frames/transport.tex} +\section{Beispiele} + +% -- Example CallForward/CutThrough +% vielleicht gehört das nach die ACL geschoben, denn die braucht man, +% um das hier zu verstehen. +\input{frames/callforward.tex} % -- Example Emig -\section{Beispiele} \input{frames/emig.tex} % -- Example Smarthosts \input{frames/smart.tex} diff -r ac1700753eea -r 855b60db0129 dia/callout.dia --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/dia/callout.dia Fri Mar 20 13:01:27 2015 +0100 
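Review bot: The new `%.eps` rule in the second Makefile hunk writes straight into `$@`, so a `dia --export` that fails partway can leave a truncated `.eps` that make later treats as up to date. The same holds for the existing `%.pdf` rule, whose recipe it repeats. These hunks do not show whether `.DELETE_ON_ERROR:` is set; if it is not, adding it near `.PHONY: clean` covers both rules. The first hunk would also read more easily as `IMAGES = $(notdir $(DIA:.dia=.pdf) $(DIA:.dia=.eps))`, with a comment saying which build path needs EPS and which needs PDF.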
@@ -0,0 +1,495 @@ + + + + + + + + + + + + + #A4# + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + #RCPT TO:<...># + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + #EHLO ... +MAIL FROM:<...> +RCPT TO:<...> +QUIT# + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + #250 OK# + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + #MX# + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + #1# + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + #2# + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + #3# + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + #intern# + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff -r ac1700753eea -r 855b60db0129 frames/callforward.tex --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/frames/callforward.tex Fri Mar 20 13:01:27 2015 +0100 
@@ -0,0 +1,52 @@
+\subsection{EmiG}
+\begin{frame}[<+->][fragile]{Beispiel: Empfängerüberprüfung}{Callforward}
+\begin{block}{Aufgabenstellung}
+Exim sei MX und soll Nachrichten an einen internen Server weiterleiten,
+aber nur, wenn der Empfänger wirklich existiert.
+\end{block}
+\begin{block}{Lösung?}
+\begin{itemize}
+ \item Nutzerdatenbank duplizieren
+ \item Nutzerdatenbank (LDAP, AD, …) anzapfen?
+ \item Also: die Entscheidung an den internen MTA zu delegieren.
+\end{itemize}
+\end{block}
+\begin{block}{Lösung!}
+Callforward - Überprüfung des Empfängers per SMTP
+\setbeamercovered{invisible}
+\pause
+\includegraphics[width=0.8\textwidth]{callout.eps}
+\end{block}
+\end{frame}
+
+\begin{frame}[<+->][fragile]{Beispiel: Empfängerüberprüfung}{Callforward}
+\begin{verbatim}
+begin acl
+
+ acl_check_recipient:
+
+ …
+
+ deny domains = +internal_domains
+ !verify = recipient/callout=use_sender,defer_ok
+
+ accept
+
+\end{verbatim}
+\begin{block}{„Probleme“}
+\begin{itemize}
+ \item Exchange 2010(?): Unknown User erst nach DATA
+ \item Content-Scan auf dem internen Server
+\end{itemize}
+\end{block}
+\end{frame}
+
+\begin{frame}[<+->][fragile]{Test Callforward}{existierender Empfänger}
+\scriptsize
+\ttinput{out/callout-ok.tt}
+\end{frame}
+
+\begin{frame}[<+->][fragile]{Test Callforward}{nicht-existierender Empfänger}
+\scriptsize
+\ttinput{out/callout-not-ok.tt}
+\end{frame}
diff -r ac1700753eea -r 855b60db0129 out/callout-not-ok.tt
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/out/callout-not-ok.tt Fri Mar 20 13:01:27 2015 +0100
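Review bot: The ACL example in the second frame uses `callout=use_sender,defer_ok`, but the „Probleme“ block does not say what `defer_ok` implies. When the internal server is unreachable or answers with a temporary error, the callout counts as passed, so the MX accepts mail for recipients it could not check and that mail has to be bounced later. A third bullet such as `\item defer\_ok: bei nicht erreichbarem internen Server wird ungeprüft angenommen` would make that trade-off visible. Separately, `\subsection{EmiG}` at the top of the file looks copied from the Emig example and probably should name Callforward. The slide also calls the ACL `acl_check_recipient`, while the included transcripts show `acl_check_rcpt`.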
@@ -0,0 +1,31 @@
+$ swaks -f hans@example.com -t foo@schlittermann.de --pipe 'exim -bhc 8.8.4.4' -q rcpt
+=== Trying pipe to exim -bhc 8.8.4.4...
+<- **** SMTP testing session as if from host 8.8.4.4
+<- **** This is not for real!
+<- 220 hs12.schlittermann.de ESMTP Exim 4.85_RC1-53-a466d09-XX Fri, 20 Mar 2015 12:37:17 +0100
+…
+ -> RCPT TO:
+>>> using ACL "acl_check_rcpt"
+>>> check !verify = recipient/callout=use_sender,defer_ok
+>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+>>> routing foobar@schlittermann.de
+>>> schlittermann.de in "! +local_domains"? yes (end of list)
+>>> calling dnslookup router
+…
+>>> routed by dnslookup router
+>>> Attempting full verification using callout
+>>> Connecting to ssl.schlittermann.de [212.80.235.130]:25 ... connected
+>>> SMTP<< 220 ssl.schlittermann.de ESMTP Exim (mx) 4.80 Fri, 20 Mar 2015 12:37:20 +0100
+>>> SMTP>> STARTTLS
+>>> SMTP<< 220 TLS go ahead
+>>> SMTP>> MAIL FROM:
+>>> SMTP<< 250 OK
+>>> SMTP>> RCPT TO:
+>>> SMTP<< 550-recipient verify failed
+>>> 550 Server time: Fri, 20 Mar 2015 12:37:20 +0100
+>>> SMTP>> QUIT
+>>> ----------- end verify ------------
+<** 550-Callout verification failed:
+<** 550-550-recipient verify failed
+<** 550 550 Server time: Fri, 20 Mar 2015 12:37:20 +0100
+ -> QUIT
diff -r ac1700753eea -r 855b60db0129 out/callout-ok.tt
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/out/callout-ok.tt Fri Mar 20 13:01:27 2015 +0100
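Review bot: The transcript does not match its own command line: swaks is called with `-t foo@schlittermann.de`, but the verify trace reads `routing foobar@schlittermann.de`, so the output appears to come from a different run or was edited by hand. Re-capturing it with a single address keeps the slide reproducible. This file and out/callout-ok.tt also publish the MX hostname, its IP address and the Exim version banners of both hosts. If the slides are distributed, replacing these with documentation values (constructed example: `mx.example.net [192.0.2.25]`) avoids advertising the production setup.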
@@ -0,0 +1,28 @@
+$ swaks -f hans@example.com -t hs@schlittermann.de --pipe 'exim -bhc 8.8.4.4' -q rcpt
+=== Trying pipe to exim -bhc 8.8.4.4...
+<- **** SMTP testing session as if from host 8.8.4.4
+<- **** This is not for real!
+<- 220 hs12.schlittermann.de ESMTP Exim 4.85_RC1-53-a466d09-XX Fri, 20 Mar 2015 12:33:18 +0100
+…
+ -> RCPT TO:
+>>> using ACL "acl_check_rcpt"
+>>> check !verify = recipient/callout=use_sender,defer_ok
+>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+>>> routing hs@schlittermann.de
+>>> schlittermann.de in "! +local_domains"? yes (end of list)
+>>> calling dnslookup router
+…
+>>> routed by dnslookup router
+>>> Attempting full verification using callout
+>>> Connecting to ssl.schlittermann.de [212.80.235.130]:25 ... connected
+>>> SMTP<< 220 ssl.schlittermann.de ESMTP Exim (mx) 4.80 Fri, 20 Mar 2015 12:33:20 +0100
+>>> SMTP>> STARTTLS
+>>> SMTP<< 220 TLS go ahead
+>>> SMTP>> MAIL FROM:
+>>> SMTP<< 250 OK
+>>> SMTP>> RCPT TO:
+>>> SMTP<< 250 Accepted
+>>> SMTP>> QUIT
+>>> ----------- end verify ------------
+<- 250 Accepted
+ -> QUIT