[exim-cvs] cvs commit: exim/exim-doc/doc-misc WishList exim…

Pàgina inicial
Delete this message
Reply to this message
Autor: Philip Hazel
Data:  
A: exim-cvs
Assumpte: [exim-cvs] cvs commit: exim/exim-doc/doc-misc WishList exim/exim-doc/doc-txt ChangeLog exim/exim-src/src configure.default
ph10 2005/10/11 10:30:41 BST

  Modified files:
    exim-doc/doc-misc    WishList 
    exim-doc/doc-txt     ChangeLog 
    exim-src/src         configure.default 
  Log:
  In the default configuration, move the relay_from_hosts and
  authenticated client checks to before the DNS black list checks.


  Revision  Changes    Path
  1.53      +0 -8      exim/exim-doc/doc-misc/WishList
  1.246     +8 -0      exim/exim-doc/doc-txt/ChangeLog
  1.4       +24 -23    exim/exim-src/src/configure.default


  Index: WishList
  ===================================================================
  RCS file: /home/cvs/exim/exim-doc/doc-misc/WishList,v
  retrieving revision 1.52
  retrieving revision 1.53
  diff -u -r1.52 -r1.53
  --- WishList    10 Oct 2005 08:23:44 -0000    1.52
  +++ WishList    11 Oct 2005 09:30:41 -0000    1.53
  @@ -1,4 +1,4 @@
  -$Cambridge: exim/exim-doc/doc-misc/WishList,v 1.52 2005/10/10 08:23:44 ph10 Exp $
  +$Cambridge: exim/exim-doc/doc-misc/WishList,v 1.53 2005/10/11 09:30:41 ph10 Exp $


EXIM 4 WISH LIST
----------------
@@ -1926,14 +1926,6 @@

This is probably a longish-term thing at the moment. Quotas over 2G are now
supported, but not individual messages; no doubt one day this will be wanted.
-------------------------------------------------------------------------------
-
-(335) 14-Jun-05 T Re-arrange default configuration
-
-A small niggle which might be worth fixing is the ordering of the ACL in the
-default configuration file. The relay_from_hosts and authenticated clauses
-would be better off before the dnslists examples. However, this should be left
-until a x.x0 release, because of the documentation implications.
------------------------------------------------------------------------------

(336) 16-Jun-05 M Show recipient(s) after header check failure

  Index: ChangeLog
  ===================================================================
  RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
  retrieving revision 1.245
  retrieving revision 1.246
  diff -u -r1.245 -r1.246
  --- ChangeLog    4 Oct 2005 08:54:33 -0000    1.245
  +++ ChangeLog    11 Oct 2005 09:30:41 -0000    1.246
  @@ -1,7 +1,15 @@
  -$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.245 2005/10/04 08:54:33 ph10 Exp $
  +$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.246 2005/10/11 09:30:41 ph10 Exp $


   Change log file for Exim from version 4.21
   -------------------------------------------
  +
  +Exim version 4.60
  +-----------------
  +
  +PH/01 In the default runtime configuration, move the checks for
  +      relay_from_hosts and authenticated clients from after to before the
  +      (commented out) DNS black list checks.
  +


Exim version 4.54
-----------------

  Index: configure.default
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/configure.default,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- configure.default    10 May 2005 14:48:07 -0000    1.3
  +++ configure.default    11 Oct 2005 09:30:41 -0000    1.4
  @@ -1,4 +1,4 @@
  -# $Cambridge: exim/exim-src/src/configure.default,v 1.3 2005/05/10 14:48:07 ph10 Exp $
  +# $Cambridge: exim/exim-src/src/configure.default,v 1.4 2005/10/11 09:30:41 ph10 Exp $


   ######################################################################
   #                  Runtime configuration file for Exim               #
  @@ -310,11 +310,29 @@


     require verify        = sender


  +  # Accept if the message comes from one of the hosts for which we are an
  +  # outgoing relay. Recipient verification is omitted here, because in many
  +  # cases the clients are dumb MUAs that don't cope well with SMTP error
  +  # responses. If you are actually relaying out from MTAs, you should probably
  +  # add recipient verification here. Note that, by putting this test before
  +  # any DNS black list checks, you will always accept from these hosts, even
  +  # if they end up on a black list. The assumption is that they are your
  +  # friends, and if they get onto a black list, it is a mistake.
  +
  +  accept  hosts         = +relay_from_hosts
  +
  +  # Accept if the message arrived over an authenticated connection, from
  +  # any host. Again, these messages are usually from MUAs, so recipient
  +  # verification is omitted. And again, we do this check before any black list
  +  # tests.
  +
  +  accept  authenticated = *
  +
     #############################################################################
  -  # There are no checks on DNS "black" lists because the domains that contain
  -  # these lists are changing all the time. However, here are two examples of
  -  # how you could get Exim to perform a DNS black list lookup at this point.
  -  # The first one denies, while the second just warns.
  +  # There are no default checks on DNS black lists because the domains that
  +  # contain these lists are changing all the time. However, here are two
  +  # examples of how you can get Exim to perform a DNS black list lookup at this
  +  # point. The first one denies, whereas the second just warns.
     #
     # deny    message       = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
     #         dnslists      = black.list.example
  @@ -344,29 +362,12 @@
             endpass
             verify        = recipient


- # Accept if the address is in a domain for which we are relaying, but again,
- # only if the recipient can be verified.
+ # Accept if the address is in a domain for which we are an incoming relay,
+ # but again, only if the recipient can be verified.

     accept  domains       = +relay_to_domains
             endpass
             verify        = recipient
  -
  -  # If control reaches this point, the domain is neither in +local_domains
  -  # nor in +relay_to_domains.
  -
  -  # Accept if the message comes from one of the hosts for which we are an
  -  # outgoing relay. Recipient verification is omitted here, because in many
  -  # cases the clients are dumb MUAs that don't cope well with SMTP error
  -  # responses. If you are actually relaying out from MTAs, you should probably
  -  # add recipient verification here.
  -
  -  accept  hosts         = +relay_from_hosts
  -
  -  # Accept if the message arrived over an authenticated connection, from
  -  # any host. Again, these messages are usually from MUAs, so recipient
  -  # verification is omitted.
  -
  -  accept  authenticated = *


     # Reaching the end of the ACL causes a "deny", but we might as well give
     # an explicit message.