On Tue, Jan 26, 2010 at 09:03:10PM +0000, Dave Evans wrote:
> Looks like a mismatch between the code and the spec.
>
> In fact (if I'm reading the code correctly), n*wildlsearch turns each key in the
> file into a one-item string list, and then applies list matching on that. It
> appears that "10.3. File names in lists" applies here, but (to me) it's
> unclear what other parts of section 10 apply. Section 10 is entitled
> "Domain, host, address, and local part lists" - note NOT string lists.
>
> Or I could be reading the code completely incorrectly :-)

As well as n*wildlsearch, this also seems to affect the "authenticated" and
"encrypted" ACL conditions, and some dkim logic.

e.g. try firing

    deny
      encrypted = /etc/motd

during a TLS session; this matches your cipher against things in /etc/motd. My motd contains

    The programs included with the Ubuntu system are free software;

which makes Exim say

    23:19:08 12410 check encrypted = /etc/motd
    23:19:08 12410 LOG: MAIN PANIC DIE
    23:19:08 12410 unknown lookup type "The programs included with the Ubuntu system are free software"

:-)

--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey
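
The behaviour reported above, as an added example that is not part of the original post and is not Exim's code: a simplified Python model of a string list whose item is a file name, where each line of the file becomes a pattern and the text before a ";" is read as a lookup type. The names classify, match_file_item and ListPanic, the abbreviated lookup set and the cipher strings are assumptions made for illustration.

```python
import re

# Abbreviated set of Exim single-key lookup names (assumption: enough for the demo).
KNOWN_LOOKUPS = {"lsearch", "wildlsearch", "nwildlsearch", "iplsearch", "cdb", "dbm"}


class ListPanic(Exception):
    """Stands in for the 'LOG: MAIN PANIC DIE' seen in the post."""


def classify(pattern):
    """Decide how one list pattern is interpreted (model covers three cases only)."""
    if pattern.startswith("^"):
        return ("regex", pattern)
    if ";" in pattern:
        lookup = pattern.split(";", 1)[0]
        if lookup not in KNOWN_LOOKUPS:
            raise ListPanic(f'unknown lookup type "{lookup}"')
        return ("lookup", lookup)
    return ("literal", pattern)


def match_file_item(subject, file_text):
    """Treat every non-empty line of the file as an independent pattern."""
    for line in file_text.splitlines():
        pattern = line.strip()
        if not pattern:
            continue
        kind, value = classify(pattern)
        if kind == "regex" and re.search(value, subject):
            return True
        if kind == "literal" and value == subject:
            return True
        # Known lookups are recognised but not executed in this model.
    return False


def panic_message(subject, file_text):
    """Return the panic text the file would trigger, or None if it parses cleanly."""
    try:
        match_file_item(subject, file_text)
    except ListPanic as exc:
        return str(exc)
    return None


# Constructed inputs: the motd line quoted in the post, and a made-up cipher file.
MOTD = "The programs included with the Ubuntu system are free software;\n"
CIPHER_FILE = "TLSv1:AES256-SHA:256\n^TLSv1:DHE-"
```
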