Author: W B Hacker Date: To: exim-users Subject: Re: [exim] Recipient verify only for non-authenticated users
Jakob Hirsch wrote: > W B Hacker, 2011-10-27 07:51:
>
>> Ah - forgot to mention one of the BASIC conventions:
>>
>> Any 'deny class' verb is permanent. Session having been terminated,
>> no later 'accept' could possibly act.
>>
>> An 'accept' OTOH is *temporary* ..
>> ...unless it is the LAST one to act in acl_smtp_data.
>> 'endpass' after an 'accept' can skip all remaining clauses in a
>> given phase.
>
> This is not true.
> http://www.exim.org/exim-html-current/doc/html/spec_html/ch40.html#SECID200 > says:
>
>> accept: If all the conditions are met, the ACL returns “accept”.
>
> i.e., a successful (i.e., all conditions were met) "accept" skips the
> remaining ACL entries.
>
> And just after that about "endpass":
>
>> If any of the conditions are not met, what happens depends on whether
>> endpass appears among the conditions (for syntax see below). If the
>> failing condition is before endpass, control is passed to the next
>> ACL statement; if it is after endpass, the ACL returns “deny”.
>
> So, "accept" really means "accept", for the current ACL. endpass may be
> handy for some situations, but it's just too mind-boggling (an accept
> turned into a deny, wtf?), so, as the spec says:
>
>> current “best practice” is to avoid the use of endpass.
>
>
Dunno.
Works that way here...
'Course I DO run acl's on ALL phases of the smtp session, so...
... an 'accept' ain't final 'til the Fat Lady sings (end of DATA phase..)
