Re: [Exim] Planning for Exim 4

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: exim-users
Subject: Re: [Exim] Planning for Exim 4
I have been giving some thought to the choice between the "ACL" and
"AND/OR" syntax for checking incoming recipients. The following seem to
me to be relevant to the choice:

1. Which will be easier for the beginner? (Experienced people will cope
either way.)

2. Is one easier to implement than the other? Would one be faster than
the other?

3. Does one offer more or better facilities than the other?

4. Is there overwhelming user support for one or the other?

So far, the support seems marginally in favour of ACL. These are my
thoughts on the other questions:

1. Not being a beginner (any more :-) I find this one hard to answer.
One possibly relevant point is that if a newbie learns about accept/deny
lists, this knowledge may be relevant for other applications, whereas
parochial Exim-specific syntax is not. I rather suspect that, because
different people think different ways, there isn't anything to choose
between them on this issue.

2. ACL would be easier to implement, because there isn't any need to do
messy parsing of parenthesized sublists. As a consequence, it may also
run faster (marginally). ACL also avoids the problems of defining the
precise syntax, such as when to recognize AND and OR and parentheses,
which are strings that may well occur in individual conditions. Not
having to have elaborate quoting mechanisms makes the whole thing easier
to implement and also to explain - so maybe this is relevant to point 1
as well.

3. I see an advantage in ACL in that it supports both "accept" and
"deny" which allows some expressions to be written in a more natural
way, with fewer negatives. This may be illustrated by an example
previously noted. I challenged people to find the bug in this setting,
but nobody has responded. Here is the configuration, in the two
different formats:

accept_recipient = address = postmaster@??? OR \
                   sender = !bad@??? AND \
                   ( \
                    address = +local_domains AND verify OR \
                    authenticated OR \
                    address = +relay_domains OR \
                    host = 192.168.23.0/24 \
                   ) \
                   AND notlisted = dul.maps.vix.com \
                   AND sender_verify


As an ACL:

  accept   address = postmaster@???
  deny     sender = bad@???
  deny     listed = dul.maps.vix.com
  deny     no_sender_verify
  accept   address = +local_domains : verify
  accept   authenticated
  accept   address = +relay_domains
  accept   host = 192.168.23.0/24


The implicit assumption is that addresses in local domains are accepted
only if they verify, but this configuration accepts a message addressed
to a local domain, even if the address does not verify, provided the
sender is authenticated or in 192.168.23.0/24.

How does the fixed version look? Something like this:

accept_recipient = address = postmaster@??? OR \
                   sender = !bad@??? AND \
                   ( \
                    address =  +local_domains AND verify OR \
                    address =  +relay_domains OR \
                    address = !+local_domains AND \
                      ( \
                      authenticated OR \
                      host = 192.168.23.0/24 \
                      ) \
                   ) \
                   AND notlisted = dul.maps.vix.com \
                   AND sender_verify


As an ACL:

  accept   address = postmaster@???
  deny     sender = bad@???
  deny     listed = dul.maps.vix.com
  deny     no_sender_verify
  accept   address = +local_domains : verify
  deny     address = +local_domains 
  accept   address = +relay_domains
  accept   authenticated
  accept   host = 192.168.23.0/24


I always was worried that the AND/OR mechanism could get very
complicated, and this is beginning to look very messy, IMHO (and we
haven't included any RBL lists yet).

My current feeling is that the "ACL" offers significant advantages.
(Probably, it should be called a "recipient control list".)

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.