Re: [Exim] ACL tidying

Top Pagina
Delete this message
Reply to this message
Auteur: Nico Erfurth
Datum:  
Aan: John Jetmore
CC: exim-users
Onderwerp: Re: [Exim] ACL tidying
John Jetmore wrote:
> I have a tree acl - the one that gets run is based on the recipient
> domain. I have been using it like this, which is very ugly to me:
>
> acl_choose_check_rcpt:
>   accept acl = \
>     ${if \
>       eq\
>         {$domain}\
>         {${lookup\
>           {$domain}\
>           dbmnz{MAILRTRD/db.rtr_alldomains.db}\
>           {$domain}\
>           {}\
>         }}\
>       {acl_rtr_main}\
>       {check_recipient}\
>     }

>
> so, if $domain is in db.rtr_alldomains.db, acl_rtr_main is run. otherwise
> check_recipient is run. I'm trying to find out a cleaner way to write
> this. I thought this would work


accept acl =\
    ${lookup {$domain}\
         dbmnz{MAILRTRD/db.rtr_alldomains.db} \
         {acl_rtr_main} {check_recipient} \
     }


much shorter, isn't it? ;)

> acl_choose_check_rcpt:
>   accept domains = dbmnz;MAILRTRD/db.rtr_alldomains.db
>          acl     = acl_rtr_main
>   accept acl     = check_recipient


That's not the same meaning as above. that would be

acl_choose_check_rcpt:
   accept domains = dbmnz;MAILRTRD/db.rtr_alldomains.db
          acl     = acl_rtr_main
   accept !domains = dbmnz;MAILRTRD/db.rtr_alldomains.db
          acl     = check_recipient


Remember, the ACL-conditions are only meant to return true(accept) or
false(deny),
or defer, what happens depend on the outer ACL, so MAYBE you wanted
require here
instead of accept or deny, it really depends on WHAT you wanted to do.
Nico, (who will be mostly away for the next week)