Re: [exim] Recipient verify only for non-authenticated users

Top Page
Delete this message
Reply to this message
Author: Jakob Hirsch
Date:  
To: 'exim-users@exim.org'
Subject: Re: [exim] Recipient verify only for non-authenticated users
On 28.10.2011 11:07, W B Hacker wrote:


> A triggered 'accept' is not 'permanent' until end of DATA. Period.
> A triggered 'deny' class verb is 'permanent' AT ONCE. WHEREVER it is.


btw, your terminology is (at least) uncommon, escpecially for email.
"permanent" and "temporary" are not quite appropriate to describe what
"accept" and "deny" do. But let's not get picky about that.

> An 'endpass' is not needed by an 'accept', but is harmless and supports
> consistency in style w/r slef-diocumenting 'reminders' of what is taking
> place.

...
> Circumstances may be better suited to a 'warn' that has to ascertain
> things AND report them AND action others AND manipulate things - that do
> not (yet) give rise to a deny, nor (yet) a 'final' accept - but may
> have no further need for wasting resources in traversing the *remainder*
> of the acl test clauses in a given phase.
>
> Far easier to use an 'endpass' and rely on a stand-alone 'accept' at the
> END of each phase to otherwise onpass the 'survivors'.


As I understand you nebulous words and the line from you previous posting:

> 'endpass' after an 'accept' can skip all remaining clauses in a given phase.


I have to say: This is nonsense. "endpass" can turn an "accept" into a
deny, but this has nothing to do with "skipping the remaining clauses of
a phase". "accept" already does that. With or without "endpass".
"accept" means, the ACL is finished successfully and that no more stanze
of the ACL will be evaluated.

Let me show you what "endpass" really does. First, "accept" without
"endpass":

accept
condition = some_condition

could be written with pseudo code as:

function acl_check_connect {
  if (some_condition) {
    return true; // accept!
  }
... // other stanze
}


Now with the use of "endpass"

accept
condition = some_condition
endpass
condition = ep_condition

would be in pseudo code:

function acl_check_connect {
  if (some_condition) {
    if (ep_condition) {
      return true; // accept!
    } else {
      // failing endpass condition turns "accept" into "deny"
      return false;
    }
  }
... // other stanze
}


Or, in a table:

some_condition | ep_condition | action
---------------+--------------+--------
false            false          go to next stanza
false            true           go to next stanza ("endpass"
                                 does not matter)
true             false          deny
true             true           accept



Hope it's clearer now...



PS: Oh, and btw, a "deny" does not necessarily "terminate a session", as
you wrote. If there are multiple recipients, you can "deny" all of them
but one and still get a message delivered.