On 26/04/18 02:25, Mike Brown via Exim-users wrote:
> On Wed, Apr 25, 2018 at 11:19:56PM +0100, Jeremy Harris via Exim-users wrote:
>> On 25/04/18 15:19, Mike Brown via Exim-users wrote:
</snip>
>
> I went back and looked again and found the following:
>
> acl_smtp_mail = acl_check_mail
> acl_smtp_rcpt = acl_check_rcpt
> acl_smtp_data = acl_check_data
> acl_smtp_mime = acl_check_mime
>
> Just curious, why bother having scl_smtp_xxxx when they become acl_check_xxxx?
> Why not just use acl_smtp_rcpt? Just goes to show what little I know about
> exim. I don't do anything fancy with my setup, because it is just me on my
> home server.
I'm not an expert on Exim, but as far as I understand the bit on the
left of the '=' sign is an Exim setting name - so that can't be changed.
The bit on the right is whatever you choose to be. So "acl_smtp_mail =
acl_check_smtp" can be read like:
"just after the server receives the the MAIL smtp command, execute the
acl named 'acl_check_mail'"
Think of "acl_check_mail" as a function name, whose contents and
functionality you define lower down in the config file.
The entities on the left (acl_smtp_mail, acl_smtp_rcpt etc.) are a
pre-defined list of acl's which you can use in Exim at various points
during processing of the email connection and messages. There are
further explanations as to what each one does and when it is called here:
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html
So towards the top of exim conf you would have define the acl, if you
intend to use it lower down:
[code]
acl_smtp_mail = my_own_smtp_mail_acl
[/code]
... and lower down in exim.conf you write what my_own_smtp_mail_acl is
supposed to do or check:
[code]
# this starts the section containing all acl's
begin acl
my_own_smtp_mail_acl:
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny authenticated = *
!encrypted = *
message = TLS required on authenticated connections
accept
[/code]
Most acl's have to end with 'accept' (maybe all?) - otherwise messages
or connections reaching the end of the acl without being explicitly
accepted further up would be rejected.
I hope the above helps a bit. I struggled as well when I started to use
Exim in understanding the structure and purpose of the config file - but
eventually it starts to make sense :-)
