[exim-cvs] cvs commit: exim/exim-doc/doc-txt ChangeLog exim…

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: exim-cvs
Subject: [exim-cvs] cvs commit: exim/exim-doc/doc-txt ChangeLog exim/exim-src/src configure.default
ph10 2006/07/27 11:36:34 BST

  Modified files:
    exim-doc/doc-txt     ChangeLog 
    exim-src/src         configure.default 
  Log:
  Re-jigged the order of the tests in the default configuration so that
  the tests for valid domains and recipients precede the DNS black list
  and CSA tests, on the grounds that those ones are more expensive.


  Revision  Changes    Path
  1.382     +4 -0      exim/exim-doc/doc-txt/ChangeLog
  1.10      +18 -19    exim/exim-src/src/configure.default


  Index: ChangeLog
  ===================================================================
  RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
  retrieving revision 1.381
  retrieving revision 1.382
  diff -u -r1.381 -r1.382
  --- ChangeLog    27 Jul 2006 10:13:52 -0000    1.381
  +++ ChangeLog    27 Jul 2006 10:36:34 -0000    1.382
  @@ -1,4 +1,4 @@
  -$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.381 2006/07/27 10:13:52 ph10 Exp $
  +$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.382 2006/07/27 10:36:34 ph10 Exp $


   Change log file for Exim from version 4.21
   -------------------------------------------
  @@ -130,6 +130,10 @@
         authenticated or an ident call has been made. Suppress the default
         values for $authenticated_id and $authenticated_sender (but permit -oMai
         and -oMas) when testing with -bh.
  +
  +PH/24 Re-jigged the order of the tests in the default configuration so that the
  +      tests for valid domains and recipients precede the DNS black list and CSA
  +      tests, on the grounds that those ones are more expensive.



Exim version 4.62

  Index: configure.default
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/configure.default,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- configure.default    7 Jul 2006 13:54:32 -0000    1.9
  +++ configure.default    27 Jul 2006 10:36:34 -0000    1.10
  @@ -1,4 +1,4 @@
  -# $Cambridge: exim/exim-src/src/configure.default,v 1.9 2006/07/07 13:54:32 ph10 Exp $
  +# $Cambridge: exim/exim-src/src/configure.default,v 1.10 2006/07/27 10:36:34 ph10 Exp $


   ######################################################################
   #                  Runtime configuration file for Exim               #
  @@ -380,6 +380,21 @@
     accept  authenticated = *
             control       = submission


  +  # Insist that any other recipient address that we accept is either in one of
  +  # our local domains, or is in a domain for which we explicitly allow
  +  # relaying. Any other domain is rejected as being unacceptable for relaying.
  +
  +  require message = relay not permitted
  +          domains = +local_domains : +relay_domains
  +
  +  # We also require all accepted addresses to be verifiable. This check will
  +  # do local part verification for local domains, but only check the domain
  +  # for remote domains. The only way to check local parts for the remote
  +  # relay domains is to use a callout (add /callout), but please read the
  +  # documentation about callouts before doing this.
  +
  +  require verify = recipient
  +
     #############################################################################
     # There are no default checks on DNS black lists because the domains that
     # contain these lists are changing all the time. However, here are two
  @@ -405,26 +420,10 @@
     # require verify = csa
     #############################################################################


  -  # Accept if the address is in a local domain, but only if the recipient can
  -  # be verified. Otherwise deny. The "endpass" line is the border between
  -  # passing on to the next ACL statement (if tests above it fail) or denying
  -  # access (if tests below it fail).
  -
  -  accept  domains       = +local_domains
  -          endpass
  -          verify        = recipient
  -
  -  # Accept if the address is in a domain for which we are an incoming relay,
  -  # but again, only if the recipient can be verified.
  -
  -  accept  domains       = +relay_to_domains
  -          endpass
  -          verify        = recipient
  -
  -  # Reaching the end of the ACL causes a "deny", but we might as well give
  -  # an explicit message.
  +  # At this point, the address has passed all the checks that have been
  +  # configured, so we accept it unconditionally.


  -  deny    message       = relay not permitted
  +  accept



# This ACL is used after the contents of a message have been received. This