On 25/01/2013 01:10, Phil Pennock wrote:
On 2013-01-24 at 21:31 +0000, Jeremy Harris wrote:
Todd gets credit for kicking off the effort and doing the server side.
I did the client side. Undoubtedly there are bugs and missing
features; please speak up if you're interested.
I'm *delighted* to see that someone has done this! Thanks guys. :)
I'll wait a little while but at some point I'd like to merge a squashed
version back into the Exim mainline.
Can we run the PRDR ACLs _after_ the DATA ACL, with the DATA ACL having
access to a variable which indicates that PRDR is in use (so folks can
choose to not reject immediately)?
It'd mean a bunch of code re-jiggling, but, hey, it's software, you can
do anything!
There's a slight conceptual issue in that the order for the ACLs being
run would not match the order of the SMTP protocol-visible actions.
This would be a maintenance issue for anyone looking at the code.
I'm thinking that virus and spam scanning should happen _once_, first,
and then per-customer decisions are made based upon preference
information, with the resulting scores, so that some reject, some route
to a spam mailbox server, some just accept, etc.
That's the normal use-case, I think, so we should have a singleton scan
available to set $acl_m_* variables which can be used for decisions in
the PRDR ACLs.
Does this make sense? Or am I being an ignorant bikeshed painter?
It makes sense in a way.
Another option might be an ACL called, once, immediately before the
set of prdr ACL calls (but still calling the existing "data" ACL
afterwards)?
(I haven't looked at the code, just skimmed the experimental
description).
I'm thinking that if we're happy with this, I should really work to find
time to cut a release soon after it goes into mainline.
I have one or two nagging doubts on the control & observability;
do we need the master server control to be expanded, or changed
to a variable settable by conn-time ACL? Do we need a prdr-active
variable visible in mail & rcpt ACLs?
So if anyone else has fixes for 4.82, now is the time to get them in.
I have some OCSP stuff waiting in the wings it'd be nice to also get
into the next release.
What's the general policy on promoting features from Experimental? I
assume minimum one release, plus a cheerleader?
Are there any defaults we ought to change - common security settings
etc?
How do we build and test on all the target architectures?
--
Cheers,
Jeremy