Re: [Exim] Sender callout verification only for certain doma…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Philip Hazel
Date:  
À: Kevin P. Fleming
CC: exim-users@exim.org
Sujet: Re: [Exim] Sender callout verification only for certain domains
On Fri, 9 May 2003, Kevin P. Fleming wrote:

> Ralf G. R. Bergs wrote:
>
> >>>>>  deny    domains  = +local_domains
> >>>>>          !domains = EXIM_VIRT_DOM_DIR/no_callout
> >>>>>          !verify  = sender/callout=20s/check_postmaster

>
> >>>>
> >>>>   deny    domains  = !EXIM_VIRT_DOM_DIR/no_callout : +local_domains
> >>>>           !verify  = sender/callout=20s/check_postmaster

> >>>
> >
> > Well, can you then please explain me why MY version (the first version quoted
> > above) actually works?
> >
>
> Both methods will work just fine. In fact, I prefer your first option, because
> it's clearer what's happening. Here is why your first version works:


<nice explanation snipped>

Another way of understanding this is to read ACLs with AND between each
line. That's why the order of the two "domains" in the first example
doesn't matter (except for performance considerations).

Reading domain lists is a bit more complicated. You need to put OR after
a positive item, and AND after a negative item. So the domain list in
the second example above is

NOT EXIM_VIRT_DOM_DIR/no_callout AND +local_domains

If you wrote those two items the other way round, the meaning would be

+local_domains OR NOT EXIM_VIRT_DOM_DIR/no_callout

which is not the same thing.


--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.