On Fri, 9 May 2003, Kevin P. Fleming wrote:
> Ralf G. R. Bergs wrote:
>
> >>>>> deny domains = +local_domains
> >>>>> !domains = EXIM_VIRT_DOM_DIR/no_callout
> >>>>> !verify = sender/callout=20s/check_postmaster
>
> >>>>
> >>>> deny domains = !EXIM_VIRT_DOM_DIR/no_callout : +local_domains
> >>>> !verify = sender/callout=20s/check_postmaster
> >>>
> >
> > Well, can you then please explain to me why MY version (the first version quoted
> > above) actually works?
> >
>
> Both methods will work just fine. In fact, I prefer your first option, because
> it's clearer what's happening. Here is why your first version works:
<nice explanation snipped>
Another way of understanding this is to read ACLs with AND between each
line. That's why the order of the two "domains" in the first example
doesn't matter (except for performance considerations).

Reading domain lists is a bit more complicated. You need to put OR after
a positive item, and AND after a negative item. So the domain list in
the second example above is

  NOT EXIM_VIRT_DOM_DIR/no_callout AND +local_domains

If you wrote those two items the other way round, the meaning would be

  +local_domains OR NOT EXIM_VIRT_DOM_DIR/no_callout

which is not the same thing.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
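
The AND/OR reading described in the message above, as an added example that is not part of the original thread: a simplified Python model of left-to-right list scanning, where the first matching item decides and an unmatched list yields the opposite sense of its last item. The set contents and domain names are constructed, and the set lookups stand in for the named list and the no_callout file.

```python
# Added illustration: simplified model of Exim list matching (set lookups
# stand in for the named list and the lookup file; all domains are constructed).
SETS = {
    "local_domains": {"quiet.example", "mail.example"},
    "no_callout": {"quiet.example", "ext-quiet.example"},
}
DOMAINS = ["quiet.example", "mail.example", "ext-quiet.example", "other.example"]

def list_match(items, domain):
    """Scan left to right; the first item that matches decides.
    A leading '!' marks a negative item, whose match means 'not in list'."""
    negated = False
    for item in items:
        negated = item.startswith("!")
        if domain in SETS[item.lstrip("!")]:
            return not negated
    # Nothing matched: the result is the opposite sense of the last item.
    return negated

def first_version(domain):
    # Two ACL condition lines, ANDed: domains = +local_domains
    #                                 !domains = .../no_callout
    return list_match(["local_domains"], domain) and not list_match(["no_callout"], domain)

def second_version(domain):
    # One list: !.../no_callout : +local_domains
    return list_match(["!no_callout", "local_domains"], domain)

def swapped(domain):
    # Same two items the other way round: +local_domains : !.../no_callout
    return list_match(["local_domains", "!no_callout"], domain)

def selected(rule):
    """Domains for which the statement's domain conditions hold."""
    return [d for d in DOMAINS if rule(d)]

if __name__ == "__main__":
    for rule in (first_version, second_version, swapped):
        print(f"{rule.__name__:15} {selected(rule)}")
```

With this sample data the first and second versions select only mail.example, while the swapped list also selects quiet.example (listed in no_callout) and other.example (not a local domain).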