Ralf G. R. Bergs wrote:
>>>>> deny domains = +local_domains
>>>>> !domains = EXIM_VIRT_DOM_DIR/no_callout
>>>>> !verify = sender/callout=20s/check_postmaster
>>>>
>>>> deny domains = !EXIM_VIRT_DOM_DIR/no_callout : +local_domains
>>>> !verify = sender/callout=20s/check_postmaster
>>>
>
> Well, can you then please explain me why MY version (the first version quoted
> above) actually works?
>
Both methods will work just fine. In fact, I prefer your first option, because
it's clearer what's happening. Here is why your first version works:
Exim processes the first condition "domains = +local_domains". If that condition
returns false, it stops processing the rule because the "deny" rule requires
that all conditions must return true for the denial to occur. If that condition
returns true, Exim processes the second rule. Again, if the condition returns
false (meaning the recipient's domain _is_ in your no_callout list), then Exim
stop processing the rule. If the condition returns true, it continues on and
does the callout and the result of that is the final result that causes (or does
not cause) denial.
These two methods are equally valid, and I don't see that there's any particular
advantage to option #2; in fact, option #2 has the "hidden" requirement that it
must be done in exactly the order listed, whereas in option #1 the two "domains"
checks could be reversed with no ill effects.
