Two possibilities:
(1) Wouldn't it be better to include both accept and reject options,
and have the admin choose which one to use, tcp_wrappers-style?
That is, to have a mostly-open access list, use *_reject. To
have a mostly-closed access list, use *_accept. If both are
used, follow the same order as tcp_wrappers: if there's a match
in *_accept, follow the sense (normal or negated) of the match.
Otherwise, if there's a match in *_reject, follow the sense of
the match. Otherwise, do the default (which is what---accept or
reject?)
(2) Get rid of *_accept and *_reject. Use *_access_control (or some
other descriptive keyword or phrase with neither positive nor
negative sense) instead, with items that look like:
host_access_control = accept=10.0.13.0/24 : \
reject=spam.spam.baked-beans.com
This gives the following added benefits:
- accept and reject lists can be separated if so desired:
hosts_access_control = \
accept=lsearch;/etc/exim/hosts.accept : \
reject=lsearch;/etc/exim/hosts
or combined:
hosts_access_control = \
cdb;/etc/exim/hosts.access
- It's much clearer what should be accepted or rejected, since
the keywords are there. The lack or presence of a `!' is not
nearly as clear.
Just my brainstorming.
--jim
%%%%%%%%%%%%%%% jim knoble %%%%%%%% jmknoble@??? %%%%%%%%%%%%%%%%%
Reality is futile; you will be simulated.
På 1999-Mar-17 klokka 11:48:57 +0000 skrivet Philip Hazel:
: One more issue on which I'd like opinions, please. When I collapse an
: (accept,reject,reject_except) group of options down into a single
: option, there is a choice of whether that option should be an accept
: option or a reject option. I see the following opposing arguments:
[...]
--
*** Exim information can be found at
http://www.exim.org/ ***
