Bug#381653: do local checks before non-reject ones?
Robert Millan
rmh at aybabtu.com
Sun Aug 6 09:35:43 UTC 2006
Package: exim4-config
Version: 4.62-3
Severity: wishlist
Tags: patch
How about doing those checks that can't produce a reject (i.e. just a warning)
after CHECK_RCPT_LOCAL_ACL_FILE ?
Rationale: If CHECK_RCPT_LOCAL_ACL_FILE is going to produce a reject, it makes
no sense to go through the "warn" checks first, since the message is going to
be rejected anyway.
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-1-amd64-k8
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Versions of packages exim4-config depends on:
ii adduser 3.95 Add and remove users and groups
ii debconf [debconf-2.0] 1.5.2 Debian configuration management sy
exim4-config recommends no packages.
-- debconf information excluded
-------------- next part --------------
Index: 30_exim4-config_check_rcpt
===================================================================
--- 30_exim4-config_check_rcpt (revision 1523)
+++ 30_exim4-config_check_rcpt (working copy)
@@ -192,22 +192,6 @@
!verify = recipient/callout
- # Warn if the sender host does not have valid reverse DNS.
- #
- # If your system can do DNS lookups without delay or cost, you might want
- # to enable this.
- # If sender_host_address is defined, it's a remote call. If
- # sender_host_name is not defined, then reverse lookup failed. Use
- # this instead of !verify = reverse_host_lookup to catch deferrals
- # as well as outright failures.
- .ifdef CHECK_RCPT_REVERSE_DNS
- warn
- message = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}})
- condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\
- {yes}{no}}
- .endif
-
-
# Use spfquery to perform a pair of SPF checks (for details, see
# http://www.openspf.org/)
#
@@ -249,6 +233,31 @@
condition = ${if eq {$runrc}{5}{yes}{no}}
.endif
+ # This hook allows you to hook in your own ACLs without having to
+ # modify this file. If you do it like we suggest, you'll end up with
+ # a small performance penalty since there is an additional file being
+ # accessed. This doesn't happen if you leave the macro unset.
+ .ifdef CHECK_RCPT_LOCAL_ACL_FILE
+ .include CHECK_RCPT_LOCAL_ACL_FILE
+ .endif
+
+
+ # Warn if the sender host does not have valid reverse DNS.
+ #
+ # If your system can do DNS lookups without delay or cost, you might want
+ # to enable this.
+ # If sender_host_address is defined, it's a remote call. If
+ # sender_host_name is not defined, then reverse lookup failed. Use
+ # this instead of !verify = reverse_host_lookup to catch deferrals
+ # as well as outright failures.
+ .ifdef CHECK_RCPT_REVERSE_DNS
+ warn
+ message = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}})
+ condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\
+ {yes}{no}}
+ .endif
+
+
# Check against classic DNS "black" lists (DNSBLs) which list
# sender IP addresses
.ifdef CHECK_RCPT_IP_DNSBLS
@@ -277,15 +286,6 @@
.endif
- # This hook allows you to hook in your own ACLs without having to
- # modify this file. If you do it like we suggest, you'll end up with
- # a small performance penalty since there is an additional file being
- # accessed. This doesn't happen if you leave the macro unset.
- .ifdef CHECK_RCPT_LOCAL_ACL_FILE
- .include CHECK_RCPT_LOCAL_ACL_FILE
- .endif
-
-
# Accept if the address is in a local domain, but only if the recipient can
# be verified. Otherwise deny. The "endpass" line is the border between
# passing on to the next ACL statement (if tests above it fail) or denying
More information about the Pkg-exim4-maintainers
mailing list