Re: [exim] Examples of the acl_smtp_dkim ACL?

Top Page
Delete this message
Reply to this message
Author: W B Hacker
Date:  
To: exim-users
Subject: Re: [exim] Examples of the acl_smtp_dkim ACL?
Phil Pennock wrote:
> On 2009-11-16 at 10:01 +0800, W B Hacker wrote:
>>>>> acl_check_dkim:
>>>>>   warn log_message = GMail sender without DKIM signature
>>>>>      sender_domains = gmail.com
>>>>>      dkim_signers = gmail.com
>>>>>      dkim_status = none
>>>>>   deny message = Message from Paypal with invalid or missing signature
>>>>>      sender_domains = paypal.com:paypal.de
>>>>>      dkim_signers = paypal.com:paypal.de
>>>>>      dkim_status = none:invalid:fail
>>>>>   accept

>
>> It had no chance to .....
>>
>> An 'accept' may be over-ruled by a later 'deny'.
>
> *cough*
>
> The first "accept" or "deny" is the end of the ACL. The "accept" is
> never seen because the "deny" was matched.
>
> An "accept" can not be overruled by a later "deny".
>
> -Phil
>


Quote:

"An "accept" can not be overruled by a later "deny".

I | we should have specified:

...within the same SMTP PHASE...

An 'accept' most certainly can be over-ruled by a deny-class verb in any
*subsequent* phase. Not to mention a non-acl router/transport ruleset.

EG: accept in acl-smtp_connect, deny in acl_smtp_data (or anything in between).

WHEREAS - the first 'deny' (class) verb hit is end of story for [at least] that
recipient/message combination - if not the entire session.

Bill