Bug#387078: exim4-config: local_host_whitelist man page entries a
bit confusing
Marc Haber
mh+debian-packages at zugschlus.de
Fri Sep 29 15:11:16 UTC 2006
On Sat, Sep 16, 2006 at 12:05:15PM -0700, Ross Boylan wrote:
> What's going on is that I have customized things sufficiently that the
> rule is not being invoked.
Most probably, yes. You need to call the whitelist as a sub-ACL in
each ACL stanza where you would want the whitelist to apply.
> Now, on the understanding front, I'm still a bit puzzled. If the
> behavior were 1), I would expect the (Debian default) ACL's to have an
> accept if whitelisted early on.
We didn't do that since we still want to do, for example, relay
control or recipient verification for whitelisted hosts. Whitelisting
a host does not mean that we'll accept arbitrary trash from them, it
only means that we exempt whitelisted hosts from some local ACL
stanzas, most probably the manually maintained black lists.
> Instead, there are a whole bunch of tests with !acl =
> acl_whitelist_local_deny to skip them.
Yes.
> I also am puzzled about the _deny at the end, though I guess they
> are being used (as above) to deny certain rules.
The _deny at the end is meant to say that this is a whitelist working
against the local_deny blacklists. The name might be bad since the
package does not have a native speaker of English in the active
maintainer team. Additionally, it is now being used in a lot of places
where this name does no longer fit.
> There are also tests (e.g., 30_exim4_config_check_mail) that do not
> use acl_whitelist_local_deny.
Yes. The whitelist was never meant to exempt a host from _all_ checks.
Strictly speaking, it shouldn't be used on the sender verification
stanzas as well.
Would it be less confusing if that whitelist would be renamed to
acl_local_whitelist and used in 30_exim4_config_check_mail and for the
SPF checks as well (which seem to be the only deny stanzas left
that do not use the whitelist)?
Sorry for taking so long, but I'll have to ask you to answer fast
since I plan doing an upload this weekend.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
More information about the Pkg-exim4-maintainers
mailing list