On 25/01/2013 01:10, Phil Pennock wrote:
> On 2013-01-24 at 21:31 +0000, Jeremy Harris wrote:
>> Todd gets credit for kicking off the effort and doing the server side.
>> I did the client side. Undoubtedly there are bugs and missing
>> features; please speak up if you're interested.
>
> I'm *delighted* to see that someone has done this! Thanks guys. :)
>
>> I'll wait a little while but at some point I'd like to merge a squashed
>> version back into the Exim mainline.
>
> Can we run the PRDR ACLs _after_ the DATA ACL, with the DATA ACL having
> access to a variable which indicates that PRDR is in use (so folks can
> choose to not reject immediately)?
It'd mean a bunch of code re-jiggling, but, hey, it's software, you can
do anything!
There's a slight conceptual issue in that the order for the ACLs being
run would not match the order of the SMTP protocol-visible actions.
This would be a maintenance issue for anyone looking at the code.
>
> I'm thinking that virus and spam scanning should happen _once_, first,
> and then per-customer decisions are made based upon preference
> information, with the resulting scores, so that some reject, some route
> to a spam mailbox server, some just accept, etc.
>
> That's the normal use-case, I think, so we should have a singleton scan
> available to set $acl_m_* variables which can be used for decisions in
> the PRDR ACLs.
>
> Does this make sense? Or am I being an ignorant bikeshed painter?
It makes sense in a way.
Another option might be an ACL called, once, immediately before the
set of prdr ACL calls (but still calling the existing "data" ACL
afterwards) ?
>
> (I haven't looked at the code, just skimmed the experimental
> description).
>
> I'm thinking that if we're happy with this, I should really work to find
> time to cut a release soon after it goes into mainline.
I have one or two nagging doubts on the control & observability;
do we need the master server control to be expanded, or changed
to a variable settable by conn-time ACL? Do we need a prdr-active
variable visible in mail & rcpt ACLs?
>
> So if anyone else has fixes for 4.82, now is the time to get them in.
I have some OCSP stuff waiting in the wings it'd be nice to also get
into the next release.
What's the general policy on promoting features from Experimental? I
assume minimum one release, plus a cheerleader?
Are there any defaults we ought to change - common security settings
etc?
How do we build and test on all the target architectures?
--
Cheers,
Jeremy
