> On 12/01/16 17:00, Patrick von der Hagen wrote:
>> Reading the documentation (not the source), there is no indication that
>> a deny in acl_smtp_helo doesn't work the way people might expect. So I
>> guess the documentation should include a warning and an example like
> In the ACL chapter, HELO section - how would this feel?
>
> "Note also that a deny neither forces the client to go away
> nor means that mail will be refused on the connection. Consider
> checking for &$sender_helo_name$& being defined in a MAIL or
> RCPT ACL to do that."
>
I went back to Philip Hazel's book and on Page 328 - 14.8.9 he writes:
deny
If all the conditions are met, the ACL returns "deny". If any of the
conditions are not met, control is passed to the next ACL
statement. For
example:
deny dnslists = blackholes.mail-abuse.org
rejects commands from hosts that are on a DNS black list.
drop
If all the conditions are met, the action is the same as for deny,
except that after
a permanent error code is sent, the SMTP connection is dropped.
But in the previous section 14.8.8 he also states:
Not all of the conditions make sense at every testing point.
Could it be that using the 'deny' verb in the helo acl is one of the
conditions he was referring to and doesn't make sense?
But I do think that adding your note to the HELO section does make
sense. ;-)
Cheers.
--
Frank S. Bernhardt
b.c.s.i.
14 Halton Court
Markham, ON. Canada
L3P 6R3
905-471-1691 Voice
frank@???
Registered Linux-User #312398 with the Linux Counter,
http://linuxcounter.net
begin:vcard
fn:Frank Bernhardt
n:Bernhardt;Frank
org:b.c.s.i.
adr:;;14 Halton Court;Markham;ON;L3P 6R3;Canada
email;internet:frank@???
tel;work:905-471-1691
tel;cell:416-540-7694
version:2.1
end:vcard
