msys.dp_config.recipient_validation
Use this policy if you wish to perform per-recipient or per-domain recipient validation.
Recipient Validation requires that a datasource be setup in the ecelerity.conf
file. For instructions on how to create datasources see ds_core Module. The name of this datasource is used as the value for the ds_name
element.
If this policy is enabled, any Relay_Domains
defined in ecelerity.conf
will mean that any recipient in such domains will be allowed without any query against the defined datasource. If you wish to perform per- recipient validation then do not define the domains in question using the Relay_Domains
configuration setting. For more information about this configuration option see relay_domains.
This policy is designed to be used on 'inbound' systems, and may be disabled if the system is an 'outbound' system (in this case relay checking should be enabled).
Find below the sample excerpt included in the dp_config.lua
file.
msys.dp_config.recipient_validation = { -- Whether or not to perform recipient validation -- Disabled by default, enable if you want to define a recipient validation -- policy check = true, -- Name of the datasource. If you only want to honor Relay_Domains from -- ecelerity.conf then you should not define either ds_name or query. -- ds_name = "ldap", -- Query, $rcpt is the placeholder for the recipient's email address, -- depending on the datasource it may also be ':rcpt'. If you only -- want to check the domain, use $domain or :domain -- query = "ldap:///DC=domain,DC=com?mail,status?sub?mail=$rcpt", -- Attribute to compare for mailbox status (suspended, active, etc). -- Must be queried in the provided URI. To not perform a status attribute -- check comment out the following line. -- status_attribute = "status", -- Acceptable status values, all other status values will be rejected. -- May include Lua-compatible patterns as well as static strings. -- status_values = { "active", "online", "other" }, -- Enable DHA prevention dha_prevention = true, };
The elements of this configuration table are as follows:
- check
-
Whether or not to use this configuration item.
- ds_name
-
The name for the datasource. If you only want to honor
Relay_Domains
then you should not define either ds_name or query. - query
-
In the sample code above,
$rcpt
is the placeholder for the recipient's email address, depending on the datasource it may also be:rcpt
. If you only want to check the domain, use$domain
or:domain
. Use the syntax required by the driver for the specific datasource. - status_attribute
-
Attribute to compare for mailbox status (suspended, active, etc). Must be queried in the provided URI. To not perform a status attribute check comment out this element.
- status_values
-
Acceptable status values, all other status values will be rejected. May include Lua-compatible patterns as well as static strings.
- dha_prevention
-
Enable DHA prevention.