Re: [EXIM] Negation in domain/host/net/address lists

Author: Philip Hazel
Date:  
To: Jim Knoble
CC: exim-users
Subject: Re: [EXIM] Negation in domain/host/net/address lists
On Wed, 17 Mar 1999, Jim Knoble wrote:

>   (1) Wouldn't it be better to include both accept and reject options,
>       and have the admin choose which one to use, tcp_wrappers-style?


I had indeed thought of doing this, but if carried through completely,
it would in fact *add* options to the current list, since some of them
currently have only one of the pair. The negation is going to apply to
things other than accept/reject lists. For example, it will apply to
local_domains, so you could say

local_domains = ! a.b.c : *.b.c

I don't really want to have to invent local_domains_except or whatever.

>       That is, to have a mostly-open access list, use *_reject.  To
>       have a mostly-closed access list, use *_accept.  If both are
>       used, follow the same order as tcp_wrappers: if there's a match
>       in *_accept, follow the sense (normal or negated) of the match.
>       Otherwise, if there's a match in *_reject, follow the sense of
>       the match.  Otherwise, do the default (which is what---accept or
>       reject?)


I don't really like that style of interaction between accept and reject;
it also seems clear that whatever interaction you choose is going to
confuse some people. Therefore, I think it is clearer to have just one
option.

>   (2) Get rid of *_accept and *_reject.  Use *_access_control (or some
>       other descriptive keyword or phrase with neither positive nor
>       negative sense) instead, with items that look like:


I thought of that one too. The problem is again that these aren't just
access control options.

>         host_access_control = accept=10.0.13.0/24 : \
>                               reject=spam.spam.baked-beans.com


That is just syntactic sugar, where your "accept=" is "" in my syntax,
and "reject=" is "!". I don't mind using a different syntax, but people
seem to like the use of ! because it is the same in other places (Cisco
lists, etc.)

>       This gives the following added benefits:


Separating or combining is equally possible using my syntax.

>         - It's much clearer what should be accepted or rejected, since
>           the keywords are there.  The lack or presence of a `!' is not
>           nearly as clear.


I think people might not like having to type quite so much. And you can
certainly lay out the lines to make things stand out, for example:


        host_accept ="  10.0.13.0/24 : \
                      ! spam.spam.baked-beans.com : \
                        1.2.3.4/32 : \
                      ! x.y.z"


Thanks for your thoughts.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.



--
*** Exim information can be found at http://www.exim.org/ ***
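
Added example (not part of the message above and not Exim's code): a small evaluator for a single list with `!` items, run over the two lists quoted in the message. It assumes the left-to-right, first-match rule of Exim's lists, including the rule that a list ending in a negated item matches anything not listed; the function names and the subjects tested are constructed, and only IPv4 CIDR and `*` wildcard names are handled.

```python
import fnmatch
import ipaddress

def split_list(value):
    """Split a colon-separated list into (negated, pattern) pairs."""
    items = []
    for raw in value.replace("\\\n", " ").split(":"):  # join continued lines
        item = raw.strip()
        if item:
            items.append((item.startswith("!"), item.lstrip("!").strip()))
    return items

def item_matches(pattern, subject):
    """CIDR test when the subject is an IPv4 address, else '*' wildcard name match."""
    try:
        addr = ipaddress.ip_address(subject)
    except ValueError:
        return fnmatch.fnmatchcase(subject.lower(), pattern.lower())
    try:
        return addr in ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return False  # a name pattern cannot match a bare address here

def list_decides(value, subject):
    """Return True if the list matches the subject, False otherwise."""
    items = split_list(value)
    for negated, pattern in items:
        if item_matches(pattern, subject):
            return not negated  # first matching item decides
    # Nothing matched: "no", unless the final item was negated (implied ": *")
    return bool(items) and items[-1][0]

# Lists taken from the message; the subjects checked against them are constructed.
LOCAL_DOMAINS = "! a.b.c : *.b.c"
HOST_ACCEPT = ("10.0.13.0/24 : \\\n ! spam.spam.baked-beans.com : \\\n"
               " 1.2.3.4/32 : \\\n ! x.y.z")

if __name__ == "__main__":
    for name in ("a.b.c", "mail.b.c", "example.org"):
        print("local_domains", name, list_decides(LOCAL_DOMAINS, name))
    for host in ("10.0.13.7", "spam.spam.baked-beans.com", "1.2.3.4", "192.0.2.1"):
        print("host_accept", host, list_decides(HOST_ACCEPT, host))
```

Under that rule the order of items is significant (`*.b.c : ! a.b.c` would match `a.b.c`), and a list whose last item is negated is mostly-open, so an accept list written that way admits every host it does not name.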