W B Hacker wrote:
< ... >
> # For regular use
> #
> acl_r_connect:
>
> # CONNECT_1: Temporarily pass our own arriving MUA's.
> #
> accept
> condition = ${if eq{$interface_port}{587}}
> set acl_c4 = 1
> log_message = C1 $acl_c3 with $received_protocol on port 587
> endpass
>
> ## Note the 'endpass' here ##
< ... >
>
> -IF any of the above appled, we have skipped out of acl_smtp_connect and gone
> on to the next phase. 'endpass' did that for us.
I don't see how an accept statement with endpass without following
conditions behaves differently from an accept statement without endpass.
The documentation does not explicitly say what the result is if there
are no conditions to test after endpass. What it does say (in 40.16 of
the latest spec.) is:
"If the failing condition is before endpass, control is passed to the
next ACL statement; if it is after endpass, the ACL returns “deny”."
This seems to imply that if all conditions before are met and there are
no conditions to test after endpass then the statmemt will return
accept. Because in order to deny there needs to be a failing condition
after endpass. And if there are non, then non can fail.
And in that case the behavior is exactly the same as an accept statement
without endpass; if all conditions are met the statement returns accept,
else control passes to the next statement.
Cheers,
Mark.