On Thu, Oct 04, 2007 at 11:36:37PM +0200, Magnus Holmgren wrote:
> On torsdagen den 4 oktober 2007, Pixel // pinterface wrote:
> > acl_deny:
> > deny
> >
> > acl_smtp_notquit:
> > accept acl = acl_deny
> > warn logwrite = How rude!
> >
> > This spits 'ACL for not-QUIT returned ERROR: "deny" is not allowed in a
> > QUIT or not-QUIT ACL' into my mail log. That would make sense had I
> > written "acl_smtp_notquit: deny ...", but I didn't, so I'm a bit confused.
> > [...]
> > So what I'm wondering is, quite simply, am I misunderstanding the
> > documentation here and the current behavior is correct, or have I stumbled
> > upon a bug?
>
> IMO it's clearly a bug. When the condition is "acl", acl_check_condition()
> calls acl_check_internal() recursively, but doesn't tell it about that fact.
>
> There needs to be some thinking about the cleanest solution to this, and it's
> too late for me today, but please do file a bug report.
The manual says:
40.12 Unset ACL options
... For any defined ACL, the default action when control reaches the end
of the ACL statements is “deny
which is an invalid result for the notquit ACL. Put an accept on the
last line of acl_smtp_notquit.
--
Russell King