Autor: Jeremy Harris Data: Para: exim-users Assunto: Re: [exim] Blocking a Class C
On 11/12/2022 18:34, Slavko via Exim-users wrote: > In case of STARTTLS, it makes no sense for me in connect ACL,
> but there it works. In helo ACL it makes sense for me, eg. to skip
> checks for second EHLO (after STARTTLS), especially with the
> same HELO (EHLO) name as before. What i miss here?
Fair point. On the history I have available, the HELO acl lockout
for the encrypted condition was added between version 4.14 and 4.20,
which is also when acl_smtp_helo arrived (from the ChangeLog file,
there do not have been any intermediate versions released).
The latter was in April 2003. There isn't any commentary for the
rationale for the lockout; the docs do say "called for HELO or EHLO"
for the ACL. Perhaps just the EHLO after STARTTLS was forgotten.
I'm tempted to remove the restriction.
--
Cheers,
Jeremy