ph10 2006/07/27 11:36:34 BST
Modified files:
exim-doc/doc-txt ChangeLog
exim-src/src configure.default
Log:
Re-jigged the order of the tests in the default configuration so that
the tests for valid domains and recipients precede the DNS black list
and CSA tests, on the grounds that those ones are more expensive.
Revision Changes Path
1.382 +4 -0 exim/exim-doc/doc-txt/ChangeLog
1.10 +18 -19 exim/exim-src/src/configure.default
Index: ChangeLog
===================================================================
RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
retrieving revision 1.381
retrieving revision 1.382
diff -u -r1.381 -r1.382
--- ChangeLog 27 Jul 2006 10:13:52 -0000 1.381
+++ ChangeLog 27 Jul 2006 10:36:34 -0000 1.382
@@ -1,4 +1,4 @@
-$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.381 2006/07/27 10:13:52 ph10 Exp $
+$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.382 2006/07/27 10:36:34 ph10 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
@@ -130,6 +130,10 @@
authenticated or an ident call has been made. Suppress the default
values for $authenticated_id and $authenticated_sender (but permit -oMai
and -oMas) when testing with -bh.
+
+PH/24 Re-jigged the order of the tests in the default configuration so that the
+ tests for valid domains and recipients precede the DNS black list and CSA
+ tests, on the grounds that those ones are more expensive.
Exim version 4.62
Index: configure.default
===================================================================
RCS file: /home/cvs/exim/exim-src/src/configure.default,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- configure.default 7 Jul 2006 13:54:32 -0000 1.9
+++ configure.default 27 Jul 2006 10:36:34 -0000 1.10
@@ -1,4 +1,4 @@
-# $Cambridge: exim/exim-src/src/configure.default,v 1.9 2006/07/07 13:54:32 ph10 Exp $
+# $Cambridge: exim/exim-src/src/configure.default,v 1.10 2006/07/27 10:36:34 ph10 Exp $
######################################################################
# Runtime configuration file for Exim #
@@ -380,6 +380,21 @@
accept authenticated = *
control = submission
+ # Insist that any other recipient address that we accept is either in one of
+ # our local domains, or is in a domain for which we explicitly allow
+ # relaying. Any other domain is rejected as being unacceptable for relaying.
+
+ require message = relay not permitted
+ domains = +local_domains : +relay_domains
+
+ # We also require all accepted addresses to be verifiable. This check will
+ # do local part verification for local domains, but only check the domain
+ # for remote domains. The only way to check local parts for the remote
+ # relay domains is to use a callout (add /callout), but please read the
+ # documentation about callouts before doing this.
+
+ require verify = recipient
+
#############################################################################
# There are no default checks on DNS black lists because the domains that
# contain these lists are changing all the time. However, here are two
@@ -405,26 +420,10 @@
# require verify = csa
#############################################################################
- # Accept if the address is in a local domain, but only if the recipient can
- # be verified. Otherwise deny. The "endpass" line is the border between
- # passing on to the next ACL statement (if tests above it fail) or denying
- # access (if tests below it fail).
-
- accept domains = +local_domains
- endpass
- verify = recipient
-
- # Accept if the address is in a domain for which we are an incoming relay,
- # but again, only if the recipient can be verified.
-
- accept domains = +relay_to_domains
- endpass
- verify = recipient
-
- # Reaching the end of the ACL causes a "deny", but we might as well give
- # an explicit message.
+ # At this point, the address has passed all the checks that have been
+ # configured, so we accept it unconditionally.
- deny message = relay not permitted
+ accept
# This ACL is used after the contents of a message have been received. This