Jakob Hirsch wrote:
W B Hacker, 2011-10-27 07:51:
Ah - forgot to mention one of the BASIC conventions:
Any 'deny class' verb is permanent. Session having been terminated,
no later 'accept' could possibly act.
An 'accept' OTOH is *temporary* ..
...unless it is the LAST one to act in acl_smtp_data.
'endpass' after an 'accept' can skip all remaining clauses in a
given phase.
This is not true.
http://www.exim.org/exim-html-current/doc/html/spec_html/ch40.html#SECID200
says:
accept: If all the conditions are met, the ACL returns “accept”.
i.e., a successful (i.e., all conditions were met) "accept" skips the
remaining ACL entries.
And just after that about "endpass":
If any of the conditions are not met, what happens depends on whether
endpass appears among the conditions (for syntax see below). If the
failing condition is before endpass, control is passed to the next
ACL statement; if it is after endpass, the ACL returns “deny”.
So, "accept" really means "accept", for the current ACL. endpass may be
handy for some situations, but it's just too mind-boggling (an accept
turned into a deny, wtf?), so, as the spec says:
current “best practice” is to avoid the use of endpass.
Dunno.
Works that way here...
'Course I DO run acl's on ALL phases of the smtp session, so...
... an 'accept' ain't final 'til the Fat Lady sings (end of DATA phase..)
Bill
--
韓家標
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
