Re: [Exim] Policy controls for local input

Author: Philip Hazel
Date:  
To: Alexander Sabourenkov
CC: exim-users
Subject: Re: [Exim] Policy controls for local input
On Tue, 4 Mar 2003, Alexander Sabourenkov wrote:

> No policy checking is done for BSMTP input. That is, no ACL is run at
> anytime. In this respect it is like non-SMTP local input.
>
> Section 5.3, on -bm option, does not say anything about ACLs at all.
>
> This leads to the conclusion that ACLs are never run for local input.


That was true when the manual was written. It is now out of date. See
the doc/NewStuff file. In the current release, there is a special ACL
that is run *only* for non-interactive-SMTP input (set by acl_not_smtp).

> Section 7.2, however, contains the following:
>
>    accept  hosts = :
>
> This ACL statement accepts the recipient if the sending host matches
> the list. But what does that strange list mean? It doesn't actually
> contain any host names or IP addresses. The presence of the colon puts
> an empty item in the list; Exim matches this only if the incoming
> message didn't come from a remote host. The colon is important.
> Without it, the list itself is empty, and can never match anything.
>
>
> This needs to be clarified. It seems that Exim does not run ACLs on
> local input. Why is it so?


Because ACLs are run after specific SMTP commands, and the result of the
ACL influences the response to the SMTP command. When you aren't using
interactive SMTP, you can't do this.

However, "interactive SMTP" doesn't only mean "non-local". You can use
interactive SMTP locally via the -bs option.

In summary:

1. The SMTP ACLs are used for -bs and SMTP over TCP/IP.
2. The acl_not_smtp ACL is used for -bS and -bm.

Once I have got 4.14 released, my next Exim job is to update the manual
for a fully-documented 4.20 release.


--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
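
The split described in the summary above, as an added configuration fragment that is not part of the original message or of Exim's shipped configuration. The ACL names `acl_check_rcpt` and `acl_check_not_smtp`, the `local_domains` list and the 10M size limit are assumptions chosen for illustration.

```exim
# Main section: one ACL per input path.
domainlist local_domains = @

# Run after each RCPT command: SMTP over TCP/IP and local -bs sessions.
acl_smtp_rcpt = acl_check_rcpt

# Run once for non-interactive input: -bm and -bS (batch SMTP).
acl_not_smtp  = acl_check_not_smtp

begin acl

acl_check_rcpt:
  # Empty host item: matches only when there is no remote host,
  # i.e. interactive SMTP on stdin/stdout started with -bs.
  accept  hosts   = :

  # Remote hosts may deliver to local domains only.
  accept  domains = +local_domains

  deny    message = relay not permitted

acl_check_not_smtp:
  # No SMTP dialogue exists here, so this ACL sees the whole message
  # once it has been read, just before it is accepted.
  # Constructed policy: refuse oversized local submissions.
  deny    message   = local submission exceeds size limit
          condition = ${if >{$message_size}{10M}}

  accept
```

Without an `acl_not_smtp` setting, messages submitted with -bm or -bS are accepted with no ACL check at all, so any policy that must also cover local submitters has to be stated in this second ACL rather than in the RCPT ACL.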