do local checks before non-reject ones?
Robert Millan
rmh at aybabtu.com
Thu Jul 27 06:01:26 UTC 2006
How about doing those checks that can't produce a reject (i.e. just a warning)
after CHECK_RCPT_LOCAL_ACL_FILE ?
Rationale: If CHECK_RCPT_LOCAL_ACL_FILE is going to produce a reject, it makes
no sense to go through the "warn" checks first, since the message is going to
be rejected anyway.
--
Robert Millan
My spam trap is honeypot at aybabtu.com. Note: this address is only intended for
spam harvesters. Writing to it will get you added to my black list.
-------------- next part --------------
Index: 30_exim4-config_check_rcpt
===================================================================
--- 30_exim4-config_check_rcpt (revision 1523)
+++ 30_exim4-config_check_rcpt (working copy)
@@ -192,22 +192,6 @@
!verify = recipient/callout
- # Warn if the sender host does not have valid reverse DNS.
- #
- # If your system can do DNS lookups without delay or cost, you might want
- # to enable this.
- # If sender_host_address is defined, it's a remote call. If
- # sender_host_name is not defined, then reverse lookup failed. Use
- # this instead of !verify = reverse_host_lookup to catch deferrals
- # as well as outright failures.
- .ifdef CHECK_RCPT_REVERSE_DNS
- warn
- message = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}})
- condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\
- {yes}{no}}
- .endif
-
-
# Use spfquery to perform a pair of SPF checks (for details, see
# http://www.openspf.org/)
#
@@ -249,6 +233,31 @@
condition = ${if eq {$runrc}{5}{yes}{no}}
.endif
+ # This hook allows you to hook in your own ACLs without having to
+ # modify this file. If you do it like we suggest, you'll end up with
+ # a small performance penalty since there is an additional file being
+ # accessed. This doesn't happen if you leave the macro unset.
+ .ifdef CHECK_RCPT_LOCAL_ACL_FILE
+ .include CHECK_RCPT_LOCAL_ACL_FILE
+ .endif
+
+
+ # Warn if the sender host does not have valid reverse DNS.
+ #
+ # If your system can do DNS lookups without delay or cost, you might want
+ # to enable this.
+ # If sender_host_address is defined, it's a remote call. If
+ # sender_host_name is not defined, then reverse lookup failed. Use
+ # this instead of !verify = reverse_host_lookup to catch deferrals
+ # as well as outright failures.
+ .ifdef CHECK_RCPT_REVERSE_DNS
+ warn
+ message = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}})
+ condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\
+ {yes}{no}}
+ .endif
+
+
# Check against classic DNS "black" lists (DNSBLs) which list
# sender IP addresses
.ifdef CHECK_RCPT_IP_DNSBLS
@@ -277,15 +286,6 @@
.endif
- # This hook allows you to hook in your own ACLs without having to
- # modify this file. If you do it like we suggest, you'll end up with
- # a small performance penalty since there is an additional file being
- # accessed. This doesn't happen if you leave the macro unset.
- .ifdef CHECK_RCPT_LOCAL_ACL_FILE
- .include CHECK_RCPT_LOCAL_ACL_FILE
- .endif
-
-
# Accept if the address is in a local domain, but only if the recipient can
# be verified. Otherwise deny. The "endpass" line is the border between
# passing on to the next ACL statement (if tests above it fail) or denying
More information about the Pkg-exim4-maintainers
mailing list