Re: [Exim] Version 4 ACL comment...

Top Pagina
Delete this message
Reply to this message
Auteur: Kai Henningsen
Datum:  
Aan: exim-users
Onderwerp: Re: [Exim] Version 4 ACL comment...
bbowler@??? (Bruce Bowler) wrote on 17.01.01 in <20010117112309.2258.BBOWLER@???>:

> I'll admit I haven't read the whole planning document so this may be
> addressed in some bit that I haven't yet digested but it seems to me
> that this bit...
>
> ---- start copy ----
> The (new) second section of the configuration file contains any number
> of Access Control Lists. Each list begins with a name that is terminated
> by a colon. The lines that follow, up to the next name line or the `end'
> line, comprise the named list. For example:
>
>     local_acl:
>       accept recipient = +local_domains : verify : verify_sender
>     relay_acl:
>       accept recipient = +relay_domains
>       accept authenticated

>
> The colons in individual ACLs are interpreted as `and'. The ACLs are
> used by being referred to from options in other parts of the
> configuration. For incoming messages, the accept_recipient option lists
> the ACLs to apply to the arguments of RCPT commands. For example,
>
>     accept_recipient = local_acl : relay_acl

>
> The colons in these lists are interpreted as `or'. In this example, the
> recipient is accepted if either of the two ACLs accepts it. ACLs can
> also be referred to from other ACLs. (There will a check to prevent
> looping.)
> ---- end copy----


Oh, now I see why I was confused about and vs. or!

This is especially important vs. the "acl =" acl item.

Personally, I'd say make it always mean "and", and do the "or" thing by
creating an acl, like this:

accept_recipient = accept_recipient_acl


accept_recipient_acl:
accept acl = local_acl
accept acl = relay_acl


IMO, additional clarity is worth those few additional lines in the config.

MfG Kai