Bug#376459: exim4-config: issues with ACL documentation

Ross Boylan ross at biostat.ucsf.edu
Mon Jul 3 15:04:22 UTC 2006 

On Mon, Jul 03, 2006 at 07:52:45AM +0200, Marc Haber wrote:
> On Sun, Jul 02, 2006 at 10:18:55PM -0700, Ross Boylan wrote:
... 
> > 3. It might be helpful for README.Debian to mention the possibility of
> > customizing the ACLs via, e.g., CHECK_RCPT_LOCAL_ACL_FILE.  And/or
> > something about this could go in the exim4-config_files man page,
> > though that's tricky since the user makes up the file name and
> > location.
> 
> The paragraph about "Access Control in the default configuration" says
> that the mechanisms can be configured locally with exim macros. I
> think that's enough, since people using these configuration mechanisms
> need to understand our ACLs first before they can successfully modify
> them.
> 

That section says
   Local configuration of the mechanisms happens
   through data files in /etc/exim4 or via exim macros that you can set
   in /etc/exim4/conf.d/main, so there is normally no need to change the
   files in the acl subdirectory in a split-config setup.
and a bit later
   The access list file also contains quite a few configuration options
   that are too restrictive to be active by default on a real-life site.
   These are masked by .ifdef statements, can be activated by setting the
   appropriate macros, and are documented in the ACL file itself.

The reference to data files would lead someone to look at
exim4-config_files (which doesn't mention adding your own rules), and
the discussion of macros could easily lead someone to the conclusion
"don't use them."  The text also says there is normally no need to
change the files in the ACL directory.

So I think it would be very easy to miss this customization option.

How about
   Local configuration of the mechanisms happens
   through data files in /etc/exim4 or via exim macros that you can set
   in /etc/exim4/conf.d/main.  You can create files with your own
   rules to add to the existing ones and point to them by setting
   CHECK_RCPT_LOCAL_ACL_FILE and CHECK_DATA_LOCAL_ACL_FILE,
   so there is normally no need to change the
   files in the acl subdirectory in a split-config setup.
?

More information about the Pkg-exim4-maintainers mailing list