Phil Pennock wrote: > On 2009-11-16 at 10:01 +0800, W B Hacker wrote: >>>>> acl_check_dkim: >>>>> warn log_message = GMail sender without DKIM signature >>>>> sender_domains = gmail.com >>>>> dkim_signers = gmail.com >>>>> dkim_status = none >>>>> deny message = Message from Paypal with invalid or missing signature >>>>> sender_domains = paypal.com:paypal.de >>>>> dkim_signers = paypal.com:paypal.de >>>>> dkim_status = none:invalid:fail >>>>> accept > >> It had no chance to ..... >> >> An 'accept' may be over-ruled by a later 'deny'. > > *cough* > > The first "accept" or "deny" is the end of the ACL. The "accept" is > never seen because the "deny" was matched. > > An "accept" can not be overruled by a later "deny". > > -Phil >
Quote: "An "accept" can not be overruled by a later "deny". I | we should have specified: ...within the same SMTP PHASE... An 'accept' most certainly can be over-ruled by a deny-class verb in any *subsequent* phase. Not to mention a non-acl router/transport ruleset. EG: accept in acl-smtp_connect, deny in acl_smtp_data (or anything in between). WHEREAS - the first 'deny' (class) verb hit is end of story for [at least] that recipient/message combination - if not the entire session. Bill -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
