Bug#272870: /usr/sbin/exim4: exim4-daemon-heavy: More modular structure (integrating other tools)

Marc Haber Marc Haber <mh+debian-packages@zugschlus.de>, 272870-maintonly@bugs.debian.org
Sun, 6 Feb 2005 16:21:11 +0100 

retitle #272870 module structure for ACLs
reassign #272870 exim4-config
thanks



On Wed, Sep 22, 2004 at 04:20:37PM +0300, Jari Aalto wrote:
> I'm not sure where I should propose this, in Exim development
> or here, but I take a shot.

That's mostly a Debian issue, so you're fine here.

> File /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt is the heart
> of stopping intruders and spammers to the mail system, but manually
> editing that file creates conflicts when Exim 4 is updated.
> 
> There are several good checks already and in newsgroups I have
> found more checks to include to ACL RCPT file. Why not make these
> all "standard" and ship with Exim. The user can selectively 
> enable those features that he wants. This can be accomplished
> by 
> 
>   a) defining a feature variable in simewhere
>      /etc/exim4/conf.d/main (I use separate 30_exim4_my_main )
>   b) Putting "features" under separate directory with
>      properl .ifdef FEATURE ... .endif block
>   c) including features from /etc/exim4/conf.d/acl files.

How about having the RCPT ACL split over different files? This has
been requested already, and doesn't seem so intrusive to me like your
suggestion. However, we are probably too late for sarge.

> And /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt is broken
> into smaller parts, so that it can include several files. Here
> I have listed some of the possibilities that I use:
> 
>     .include /etc/exim4/conf.d/acl/include/rcpt/helo_mandate
>     .include /etc/exim4/conf.d/acl/include/rcpt/helo_forged
>     .include /etc/exim4/conf.d/acl/include/rcpt/sender_ident
>     .include /etc/exim4/conf.d/acl/include/rcpt/spf_spfquery
>     .include /etc/exim4/conf.d/acl/include/rcpt/dnsbl
>     .include /etc/exim4/conf.d/acl/include/rcpt/sender_verify
>     .include /etc/exim4/conf.d/acl/include/rcpt/greylistd

Why that include orgy when the files could be directly in
/etc/exim4/conf.d/acl/?

> And so forth for all other "features". Each external package could
> install new "feature" into the include directory and suggest user
> to turn on that feature in  /etc/exim4/conf.d/main/20_exim4_features

Each external package could drop their ACL snippet into
/etc/exim/conf.d/acl.

However, all this won't work too well with the non-split configuration
which is the default.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835