Further tidies and minor fixes to the tables that control which ACL

author Philip Hazel <ph10@hermes.cam.ac.uk>

Tue, 29 Mar 2005 10:56:48 +0000 (10:56 +0000)

committer Philip Hazel <ph10@hermes.cam.ac.uk>

Tue, 29 Mar 2005 10:56:48 +0000 (10:56 +0000)
author Philip Hazel <ph10@hermes.cam.ac.uk>
Tue, 29 Mar 2005 10:56:48 +0000 (10:56 +0000)
committer Philip Hazel <ph10@hermes.cam.ac.uk>
Tue, 29 Mar 2005 10:56:48 +0000 (10:56 +0000)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog

index ed449756f0475c90b5df2acad825491d87b9d94e..4a1d450450f082fbe16a553c92878bb21e130c49 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.100 2005/03/29 09:49:49 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.101 2005/03/29 10:56:48 ph10 Exp $
  
  Change log file for Exim from version 4.21
  -------------------------------------------
@@ -10,7 +10,7 @@ Exim version 4.51
  TK/01 Added Yahoo DomainKeys support via libdomainkeys. See
        doc/experimental-spec.txt for details. (http://domainkeys.sf.net)
  
-TK/02 Fix ACL "control" statment not being available in MIME ACL.
+TK/02 Fix ACL "control" statement not being available in MIME ACL.
  
  TK/03 Fix ACL "regex" condition not being available in MIME ACL.
  
@@ -82,6 +82,12 @@ PH/14 Modified the default configuration to add an acl_smtp_data ACL, with
        SpamAssassin. Also added commented examples of av_scanner and
        spamd_address settings.
  
+PH/15 Further to TK/02 and TK/03 above, tidied up the tables of what conditions
+      and controls are allowed in which ACLs. There were a couple of minor
+      errors. Some of the entries in the conditions table (which is a table of
+      where they are NOT allowed) were getting very unwieldy; rewrote them as a
+      negation of where the condition IS allowed.
+
  
  A note about Exim versions 4.44 and 4.50
  ----------------------------------------
diff --git a/src/src/acl.c b/src/src/acl.c

index 8fb6a7eeff62143a8885d7e038728c02ed839957..704e9cb5e096211556873c9631e29afea7d3495a 100644 (file)
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/acl.c,v 1.25 2005/03/15 15:36:41 ph10 Exp $ */
+/* $Cambridge: exim/src/src/acl.c,v 1.26 2005/03/29 10:56:48 ph10 Exp $ */
  
  /*************************************************
  *     Exim - an Internet mail transport agent    *
@@ -244,7 +244,8 @@ static uschar cond_modifiers[] = {
  };
  
  /* Bit map vector of which conditions are not allowed at certain times. For
-each condition, there's a bitmap of dis-allowed times. */
+each condition, there's a bitmap of dis-allowed times. For some, it is easier
+to specify the negation of a small number of allowed times. */
  
  static unsigned int cond_forbids[] = {
    0,                                               /* acl */
@@ -265,34 +266,24 @@ static unsigned int cond_forbids[] = {
    0,                                               /* condition */
  
    /* Certain types of control are always allowed, so we let it through
-  always and check in the control processing itself */
+  always and check in the control processing itself. */
  
    0,                                               /* control */
  
  #ifdef WITH_CONTENT_SCAN
-  (1<<ACL_WHERE_AUTH)|                             /* decode */
-    (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
-    (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_PREDATA)|
-    (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
-    (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
-    (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
-    (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_RCPT),
+  (unsigned int)
+  ~(1<<ACL_WHERE_MIME),                            /* decode */
  #endif
  
    0,                                               /* delay */
  
  #ifdef WITH_OLD_DEMIME
-  (1<<ACL_WHERE_AUTH)|                             /* demime */
-    (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
-    (1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
-    (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
-    (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
-    (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
-    (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_MIME),
+  (unsigned int)
+  ~((1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)),   /* demime */
  #endif
  
  #ifdef EXPERIMENTAL_DOMAINKEYS
-  (1<<ACL_WHERE_AUTH)|                            /* dk_domain_source */
+  (1<<ACL_WHERE_AUTH)|                             /* dk_domain_source */
      (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
      (1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
      (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
@@ -300,7 +291,7 @@ static unsigned int cond_forbids[] = {
      (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
      (1<<ACL_WHERE_VRFY),
  
-  (1<<ACL_WHERE_AUTH)|                            /* dk_policy */
+  (1<<ACL_WHERE_AUTH)|                             /* dk_policy */
      (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
      (1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
      (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
@@ -308,7 +299,7 @@ static unsigned int cond_forbids[] = {
      (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
      (1<<ACL_WHERE_VRFY),
  
-  (1<<ACL_WHERE_AUTH)|                            /* dk_sender_domains */
+  (1<<ACL_WHERE_AUTH)|                             /* dk_sender_domains */
      (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
      (1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
      (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
@@ -316,7 +307,7 @@ static unsigned int cond_forbids[] = {
      (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
      (1<<ACL_WHERE_VRFY),
  
-  (1<<ACL_WHERE_AUTH)|                            /* dk_sender_local_parts */
+  (1<<ACL_WHERE_AUTH)|                             /* dk_sender_local_parts */
      (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
      (1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
      (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
@@ -324,7 +315,7 @@ static unsigned int cond_forbids[] = {
      (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
      (1<<ACL_WHERE_VRFY),
  
-  (1<<ACL_WHERE_AUTH)|                            /* dk_senders */
+  (1<<ACL_WHERE_AUTH)|                             /* dk_senders */
      (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
      (1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
      (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
@@ -332,7 +323,7 @@ static unsigned int cond_forbids[] = {
      (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
      (1<<ACL_WHERE_VRFY),
  
-  (1<<ACL_WHERE_AUTH)|                            /* dk_status */
+  (1<<ACL_WHERE_AUTH)|                             /* dk_status */
      (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
      (1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
      (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
@@ -343,13 +334,8 @@ static unsigned int cond_forbids[] = {
  
    (1<<ACL_WHERE_NOTSMTP),                          /* dnslists */
  
-  (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_AUTH)|      /* domains */
-    (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
-    (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_PREDATA)|
-    (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
-    (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
-    (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
-    (1<<ACL_WHERE_VRFY),
+  (unsigned int)
+  ~(1<<ACL_WHERE_RCPT),                            /* domains */
  
    (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_CONNECT)|   /* encrypted */
      (1<<ACL_WHERE_HELO),
@@ -358,56 +344,32 @@ static unsigned int cond_forbids[] = {
  
    (1<<ACL_WHERE_NOTSMTP),                          /* hosts */
  
-  (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_AUTH)|      /* local_parts */
-    (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
-    (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_PREDATA)|
-    (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
-    (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
-    (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
-    (1<<ACL_WHERE_VRFY),
+  (unsigned int)
+  ~(1<<ACL_WHERE_RCPT),                            /* local_parts */
  
    0,                                               /* log_message */
  
    0,                                               /* logwrite */
  
  #ifdef WITH_CONTENT_SCAN
-  (1<<ACL_WHERE_AUTH)|                             /* malware */
-    (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
-    (1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
-    (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
-    (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
-    (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
-    (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_MIME),
+  (unsigned int)
+  ~((1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)),   /* malware */
  #endif
  
    0,                                               /* message */
  
  #ifdef WITH_CONTENT_SCAN
-  (1<<ACL_WHERE_AUTH)|                             /* mime_regex */
-    (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
-    (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_PREDATA)|
-    (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
-    (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
-    (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
-    (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_RCPT),
+  (unsigned int)
+  ~(1<<ACL_WHERE_MIME),                            /* mime_regex */
  #endif
  
-  (1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_AUTH)|      /* recipients */
-    (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
-    (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_PREDATA)|
-    (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
-    (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
-    (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
-    (1<<ACL_WHERE_VRFY),
+  (unsigned int)
+  ~(1<<ACL_WHERE_RCPT),                            /* recipients */
  
  #ifdef WITH_CONTENT_SCAN
-  (1<<ACL_WHERE_AUTH)|                             /* regex */
-    (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
-    (1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
-    (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
-    (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
-    (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
-    (1<<ACL_WHERE_VRFY),
+  (unsigned int)
+  ~((1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)|    /* regex */
+    (1<<ACL_WHERE_MIME)),
  #endif
  
    (1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)|      /* sender_domains */
@@ -425,13 +387,8 @@ static unsigned int cond_forbids[] = {
    0,                                               /* set */
  
  #ifdef WITH_CONTENT_SCAN
-  (1<<ACL_WHERE_AUTH)|                             /* spam */
-    (1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
-    (1<<ACL_WHERE_RCPT)|(1<<ACL_WHERE_PREDATA)|
-    (1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
-    (1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
-    (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
-    (1<<ACL_WHERE_VRFY)|(1<<ACL_WHERE_MIME),
+  (unsigned int)
+  ~((1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)),   /* spam */
  #endif
  
  #ifdef EXPERIMENTAL_SPF
author	Philip Hazel <ph10@hermes.cam.ac.uk>
	Tue, 29 Mar 2005 10:56:48 +0000 (10:56 +0000)
committer	Philip Hazel <ph10@hermes.cam.ac.uk>
	Tue, 29 Mar 2005 10:56:48 +0000 (10:56 +0000)
doc/doc-txt/ChangeLog		patch \| blob \| history
src/src/acl.c		patch \| blob \| history