Bug#398224: Re: This is a design flaw

Dominic Hargreaves dom at earth.li
Sun Feb 6 20:58:49 UTC 2011


On Wed, Dec 20, 2006 at 12:07:45PM +0100, Marc Haber wrote:
> severity #398224 wishlist
> user exim4 at packages.debian.org
> usertags #398224 probably-not-a-bug-in-exim
> thanks
> 
> On Sun, Nov 12, 2006 at 04:11:04PM +0000, Stephen Gran wrote:
> > This one time, at band camp, Andreas Metzler said:
> > > I have a couple of questions about this:
> > > 
> > > How are you going to handle the "greylistd is removed but not purged
> > > case"?
> > 
> > you could test for the presence of the binary in your acl's, but that
> > adds yet another stat() to the setup.  I'm not sure how much that
> > matters, though.
> 
> I think that is the most clear approach. If it happens to frequently,
> use a macro or an ACL variable.
> 
> > It's messy, but this is a general problem I have some interest in solving.
> > There are many add on packages that should be able to be drop in and
> > work with the MTAs in Debian, but we can't just munge other package's
> > config files, so I am trying to work towards a reasonably clean solution
> > to the general problem.
> 
> The idea to integrate this into Debian's exim4 packages is the
> following:
> 
> - drop your config into split config, /etc/exim4/conf.d
> - this will directly solve the issue for users of split config (one
>   reason why I like split config so much)
> - unsplit config users will need to do manual work, this is a feature
>   of unsplit config.
>   * manually modify /etc/exim4/exim4.conf.template to use greylistd,   _OR_
>   * use update-exim4.conf.template to rebuild /etc/exim4/exim4.conf.template
>     from split configuration, losing local changes to
>     /etc/exim4/exim4.conf.template in the process.
> 
> To activate the ACL, I recommend using the
> MAIN_ACL_CHECK_(MAIL|RCPT|DATA) macros to point exim4 to the ACLs
> delivered by your package and have your ACLs call ours as sub-ACLs.
> This Macro could also be the place to decide which ACL to call
> depending on greylistd existing or not. The macros are string expanded
> before they're used so, something along
> ${if exists{/usr/bin/greylistd}{acl_greylistd_check_rcpt}{acl_check_rcpt}}
> (syntax most definetely wrong, but I hope that the idea comes over)
> can be used.
> 
> Advantages:
>   * (a1) elegant
>   * (a2) using the Debian exim way
>   * (a3) no work required by the exim4 maintainers *grins*
> 
> Disadvantages:
>   * (d1) needs manual work for unsplit config users
>   * (d2) calls for trouble if more than one package uses this trick
>          (resulting in more manual work for the local admin)
> 
> Until this has been discussed to an end, I consider this a solution
> for the issue at hand and will not do any changes to the exim4 packages.
> 
> Post-etch, we might want to review our ACL structure and split the
> ACLs along more files to allow third-party packages to add new ACL
> stanzas right in the middle of our ACL. I remember that Andreas didn't
> like that idea though. It would, however, mitigate (d2).

Hi,

I've recently adopted greylistd and am now trying to find the best
solution to this problem. 

Reading through your above proposed solution, I'm not sure how this
would work - the greylistd ACLs need to be interposed at just the
right place in the check_rcpt ACL, so the only way I can see this
working is a specific call in 30_exim4-config_check_rcpt and
40_exim4-config_check_data (as Julien suggested) up-thread.

Stephen suggested a conditional .ifdef (debconf controlled) too which
probably reduce the impact of this change on people not using greylistd
(the additional stat() calls that Andreas raised as an issue).

Are there any other possibilites that have been developed over the last
few years for solving this sort of problem?

Thanks,
Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)





More information about the Pkg-exim4-maintainers mailing list