------- Comment #3 from ph10@??? 2007-01-31 14:47 -------
On Wed, 31 Jan 2007, holmgren@??? wrote:
> But match_ip only accepts IP addresses/networks in the list, and I can't
> understand why the same matching as with the hosts ACL condition can't be
> used here, but with an arbitrary address to check.
Given that you have to give a "key" to a match_xxx operator, you should
know whether you are giving it an IP address or a host name. So you
should be able to choose match_ip or match_domain accordingly.
The thing about
hosts = <hostlist>
in an ACL is that there is an "implied" identification for the host,
consisting of both the name and the IP address and Exim uses one or the
other, as needed, depending on the host list item. Actually, that isn't
the whole story, because the invention of query-style lookups spoilt it.
I wouldn't do it this way if I were starting again now.
> Can you elaborate? Do you have any examples of particularly dirty situations?
> Should a domain name that resolves to multiple IP addresses have to have
> *all* those IP addresses match the host list?
That's the kind of question that makes it messy. I can write
hosts = 192.168.1.1
in an ACL, and it will compare the IP address of the client to
192.168.1.1. But what should happen if I write
? Or indeed
? Or even
? I felt that having the separate match_ip and match_domain was cleaner
and avoided these kinds of complication.