Re: [Exim] ACL tidying

Top Page
Delete this message
Reply to this message
Author: Nico Erfurth
Date:  
To: John Jetmore
CC: exim-users
Subject: Re: [Exim] ACL tidying
John Jetmore wrote:
> I have a tree acl - the one that gets run is based on the recipient
> domain. I have been using it like this, which is very ugly to me:
>
> acl_choose_check_rcpt:
>   accept acl = \
>     ${if \
>       eq\
>         {$domain}\
>         {${lookup\
>           {$domain}\
>           dbmnz{MAILRTRD/db.rtr_alldomains.db}\
>           {$domain}\
>           {}\
>         }}\
>       {acl_rtr_main}\
>       {check_recipient}\
>     }

>
> so, if $domain is in db.rtr_alldomains.db, acl_rtr_main is run. otherwise
> check_recipient is run. I'm trying to find out a cleaner way to write
> this. I thought this would work


accept acl =\
    ${lookup {$domain}\
         dbmnz{MAILRTRD/db.rtr_alldomains.db} \
         {acl_rtr_main} {check_recipient} \
     }


much shorter, isn't it? ;)

> acl_choose_check_rcpt:
>   accept domains = dbmnz;MAILRTRD/db.rtr_alldomains.db
>          acl     = acl_rtr_main
>   accept acl     = check_recipient


That's not the same meaning as above. that would be

acl_choose_check_rcpt:
   accept domains = dbmnz;MAILRTRD/db.rtr_alldomains.db
          acl     = acl_rtr_main
   accept !domains = dbmnz;MAILRTRD/db.rtr_alldomains.db
          acl     = check_recipient


Remember, the ACL-conditions are only meant to return true(accept) or
false(deny),
or defer, what happens depend on the outer ACL, so MAYBE you wanted
require here
instead of accept or deny, it really depends on WHAT you wanted to do.
Nico, (who will be mostly away for the next week)