Bug#376459: exim4-config: issues with ACL documentation

Marc Haber mh+debian-packages at zugschlus.de
Mon Jul 3 05:52:45 UTC 2006


On Sun, Jul 02, 2006 at 10:18:55PM -0700, Ross Boylan wrote:
> The recent cleanup of the documentation seems to have left some loose ends.
> 
> 1. acl/20_exim4-config_whitelist_local_deny includes
> # Whitelisting can also be configured by including negative items in the
> # black list. See /usr/share/doc/exim4-config/default_acl for details.
>                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> The indicated file doesn't exist; I think it was merged into
> README.Debian, though I don't see stuff in there that bears directly
> on this issue there now.

The information was moved into exim4-config_files(5), and I have
changed the file appropriately.

> 2. README.Debian section 2.1.2 (on ACLs) says
>    The access list file also contains quite a few configuration options
>    that are too restrictive to be active by default on a real-life site.
> It is unclear, at least to me, what file the "access list file" refers
> to.  My guess is it means either all the acl files or the check_rcpt
> one.

I have changed the text to say "The access lists delivered with the
exim4 packages".

> 3. It might be helpful for README.Debian to mention the possibility of
> customizing the ACLs via, e.g., CHECK_RCPT_LOCAL_ACL_FILE.  And/or
> something about this could go in the exim4-config_files man page,
> though that's tricky since the user makes up the file name and
> location.

The paragraph about "Access Control in the default configuration" says
that the mechanisms can be configured locally with exim macros. I
think that's enough, since people using these configuration mechanisms
need to understand our ACLs first before they can successfully modify
them.

> 4. There is an oddity in the exim4-config_files man page when viewed
> with tkman.  man in terminal looks OK.  In case there is something on
> the page that is inspiring this weird behavior, I'm reporting it.
> 
> Here's what I see when I expand the subitem under "description"
> --------------------------------------------------
> /etc/exim4/local_host_blacklist
> 	  is  an  optional  file  containing a list of IP addresses, networks and
> 	  host names whose  messages  will  be  denied  with  the  error  message
> 	  "locally  blacklisted". This is a full exim 4 host list, and all avail-
> 	  able features can be used. This includes negative items, and so  it  is
> 	  possible  to exclude addresses from being blacklisted. For convenience,
> 	  as an additional method to whitelist addresses from being  blocked,  an
> 	  explicit  whitelist  is  read  in from /etc/exim4/local_host_whitelist.
> 	  Entries in the whitelist override corresponding blacklist entries.
> 
> 	  In the blacklist, the trick is to read a line break as "or" if it  fol-
> 	  lows a positive item, and as "and" if it follows a negative item.
> 
> 	  For example, a /etc/exim4/local_host_blacklist
> 
> 	  192.168.10.0/24
> 	  !172.16.10.128/26
> 	  172.16.10.0/24
> 	  10.0.0.0/8
> 
> 	  Exim  just evaluates left to right (or up-down in the file listing con-
> 	  text), so you don't get the same kind of operator binding as in a  pro-
> 	  gramming language.
> XXXXXX
> 	  will  be   accepted   despite   the   address   is   also   listed   in
> 	  /etc/exim4/local_host_blacklist, overriding a blacklisting.
> 
> 
> /etc/exim4/local_sender_blacklist
> 	  is  an  optional files containing a list of envelope senders whose mes-
> ---------------------------------------------------------
> The section with XXX has missing material on local_host_whitelist.
> If I hit enter (which tells tkman to expand and move on) the missing
> text reappears.
> 
> I may be misunderstanding tkman, or it may be strictly a tkman bug.

I'd say this is a tkman bug, I'll clone and reassign.

> But if there's a way to prevent it from the man page itself, that
> would be a plus.

As soon as somebody tells me how to do this, it's a pleasure to do.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
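
The first-match evaluation described in the quoted man page text, as an added example that is not part of this message or of the exim4 packages. It is a simplified model that handles only IP addresses and CIDR networks (no host names or lookups); the function names and the whitelist entry are constructed for illustration.

```python
import ipaddress

# Blacklist exactly as quoted from the man page text above.
BLACKLIST = """\
192.168.10.0/24
!172.16.10.128/26
172.16.10.0/24
10.0.0.0/8
"""
WHITELIST = "10.1.2.3\n"  # constructed sample whitelist entry


def parse_host_list(text):
    """Return [(negated, network)] for each non-empty, non-comment line."""
    items = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        negated = line.startswith("!")
        net = ipaddress.ip_network(line.lstrip("!").strip(), strict=False)
        items.append((negated, net))
    return items


def in_host_list(addr, items):
    """Scan top to bottom; the first item that matches decides the result."""
    ip = ipaddress.ip_address(addr)
    for negated, net in items:
        if ip.version == net.version and ip in net:
            return not negated  # a matching "!item" means "not in the list"
    # Nothing matched: Exim counts the subject as in the list only when
    # the last item was a negative one.
    return bool(items) and items[-1][0]


def is_denied(addr, blacklist=BLACKLIST, whitelist=WHITELIST):
    """Whitelist entries override blacklist entries, as the man page states."""
    if in_host_list(addr, parse_host_list(whitelist)):
        return False
    return in_host_list(addr, parse_host_list(blacklist))
```

Swapping the second and third blacklist lines makes the negative item unreachable, which is the practical consequence of the left-to-right rule.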



