Bug#267708: verify sender should be after the header checks in the 30_exim4-config_check_rcpt acl file
Mike Fedyk
Mike Fedyk <mfedyk@matchmail.com>, 267708@bugs.debian.org
Tue, 24 Aug 2004 12:46:40 -0700
Andreas Metzler wrote:
>On 2004-08-24 Mike Fedyk <mfedyk@matchmail.com> wrote:
>
>
>>Package: exim4
>>Version: 4.34-4
>>Severity: minor
>>Tags: patch
>>
>>
>
>
>
>>Why hit the remote server if the headers could be bad before?
>>
>>
>
>We do not have any headers at this point of the SMTP dialogue, just
>envelope from and envelope-to _and_ we do not "hit the remote server",
>because we use verify = sender without callout.
>
>
The callout is for forward checking in a secondary MX situation, right?
verify = sender sends a DSN to the remote server either way, right?
>
>
>>This is just a move to lower in the file, no modifications to the lines.
>>
>>
>[...]
>
>However this test:
>deny message = Sender verification failed
> !acl = acl_whitelist_local_deny
> !verify = sender
>
>is slightly more expensive than other items in the ACL (e.g. the check
>against the sender's IP), so perhaps some reordering would not hurt.
>
>
Agreed.
And now I realize I should've sent a correction to my explanation as I
meant to do in the first place. :-/
Mike
> cu andreas
>
>