Re: [exim] ACL syntax question

Top Pagina
Delete this message
Reply to this message
Auteur: John Horne
Datum:  
Aan: Exim users
Onderwerp: Re: [exim] ACL syntax question
On Fri, 2005-05-20 at 09:33 +0100, Philip Hazel wrote:
> On Thu, 19 May 2005, John Horne wrote:
>
> > Odd question - is there any difference between the following 2 ACL
> > statements:
> >
> >      hosts = ! +local_domains
> >    ! hosts = +local_domains

> >
> > I'm assuming there is no difference.
>
> They are the same. It gets more interesting when you have more than one
> thing on the rhs, and some positive and negative items:
>
>        hosts = some.thing.else : ! +local_domains
>      ! hosts = some.thing.else : +local_domains

>
> (Incidentally, it looks odd comparing "hosts" with "local_domains".)
>                                        ^^^^^              ^^^^^^^

>

Yes, sorry a bad example.

> > Secondly, using a named ACL is there a difference between:
> >
> >       acl = ! some_other_acl
> >     ! acl = some_other_acl

> >
> > We currently don't use named ACL's but am about to do so. As far as I
> > can tell (read) the 'some_other_acl' acts like any other ACL and returns
> > 'accept' or 'deny'. As such a '!' will just negate that answer, so the
> > above 2 statements are again the same. Correct?
>
> Yes, I think so.
>
> > It's not always accept or deny that is returned... You can have "defer" or
> > "drop" for instance. How would you invert that in your nested acl?! ;-)
>
> For !some_other_acl, "accept" becomes "condition failed"; "deny" or
> "drop" becomes "condition succeeded". Other results are not affected. In
> other words "defer" becomes "condition defer".
>

Many thanks for this. I just wanted some confirmation that what I was
thinking was correct. We'll proceed with our nested acl's and see what
happens :-)


John.

-- 
---------------------------------------------------------------
John Horne, University of Plymouth, UK  Tel: +44 (0)1752 233914
E-mail: John.Horne@???       Fax: +44 (0)1752 233839