.cindex "QUIT, ACL for"
The ACL for the SMTP QUIT command is anomalous, in that the outcome of the ACL
does not affect the response code to QUIT, which is always 221. Thus, the ACL
-does not in fact control any access. For this reason, the only verbs that are
-permitted are &%accept%& and &%warn%&.
+does not in fact control any access. For this reason, it may only accept
+or warn as its final result.
This ACL can be used for tasks such as custom logging at the end of an SMTP
session. For example, you can use ACL variables in other ACLs to count
JH/19 Bug 392: spamd_address, and clamd av_scanner, now support retry
option values.
-JH/20 BUG 1571: Ensure that $tls_in_peerdn is set, when verification fails
+JH/20 Bug 1571: Ensure that $tls_in_peerdn is set, when verification fails
under OpenSSL.
JH/21 Support for the A6 type of dns record is withdrawn.
+JH/22 Bug 608: The result of a QUIT or not-QUIT toplevel ACL now matters
+ rather than the verbs used.
+
Exim version 4.85
int cond;
int basic_errno = 0;
BOOL endpass_seen = FALSE;
+ BOOL acl_quit_check = level == 0
+ && (where == ACL_WHERE_QUIT || where == ACL_WHERE_NOTQUIT);
*log_msgptr = *user_msgptr = NULL;
acl_temp_details = FALSE;
- if ((where == ACL_WHERE_QUIT || where == ACL_WHERE_NOTQUIT) &&
- acl->verb != ACL_ACCEPT &&
- acl->verb != ACL_WARN)
- {
- *log_msgptr = string_sprintf("\"%s\" is not allowed in a QUIT or not-QUIT ACL",
- verbs[acl->verb]);
- return ERROR;
- }
-
HDEBUG(D_acl) debug_printf("processing \"%s\"\n", verbs[acl->verb]);
/* Clear out any search error message from a previous check before testing
if (cond == OK)
{
HDEBUG(D_acl) debug_printf("end of %s: DEFER\n", acl_name);
+ if (acl_quit_check) goto badquit;
acl_temp_details = TRUE;
return DEFER;
}
if (cond == OK)
{
HDEBUG(D_acl) debug_printf("end of %s: DENY\n", acl_name);
+ if (acl_quit_check) goto badquit;
return FAIL;
}
break;
if (cond == OK || cond == DISCARD)
{
HDEBUG(D_acl) debug_printf("end of %s: DISCARD\n", acl_name);
+ if (acl_quit_check) goto badquit;
return DISCARD;
}
if (endpass_seen)
if (cond == OK)
{
HDEBUG(D_acl) debug_printf("end of %s: DROP\n", acl_name);
+ if (acl_quit_check) goto badquit;
return FAIL_DROP;
}
break;
if (cond != OK)
{
HDEBUG(D_acl) debug_printf("end of %s: not OK\n", acl_name);
+ if (acl_quit_check) goto badquit;
return cond;
}
break;
HDEBUG(D_acl) debug_printf("end of %s: implicit DENY\n", acl_name);
return FAIL;
+
+badquit:
+ *log_msgptr = string_sprintf("QUIT or not-QUIT teplevel ACL may not fail "
+ "('%s' verb used incorrectly)", verbs[acl->verb]);
+ return ERROR;
}
warn set acl_c1 = ${eval:$acl_c1+1}
accept
+q_sub:
+ deny
+
check_quit:
warn logwrite = Messages received: $acl_c1
logwrite = Messages accepted: $acl_c0
logwrite = Recipients: $acl_c2
logwrite = Accepted: $acl_c3
+
+ require !acl = q_sub
+
LAST
check_rcpt:
1999-03-02 09:44:33 Messages accepted:
1999-03-02 09:44:33 Recipients:
1999-03-02 09:44:33 Accepted:
-1999-03-02 09:44:33 ACL for QUIT returned ERROR: "deny" is not allowed in a QUIT or not-QUIT ACL
+1999-03-02 09:44:33 ACL for QUIT returned ERROR: QUIT or not-QUIT teplevel ACL may not fail ('deny' verb used incorrectly)
1999-03-02 09:44:33 Messages received: 1
1999-03-02 09:44:33 Messages accepted:
1999-03-02 09:44:33 Recipients:
-1999-03-02 09:44:33 ACL for QUIT returned ERROR: "deny" is not allowed in a QUIT or not-QUIT ACL
+1999-03-02 09:44:33 ACL for QUIT returned ERROR: QUIT or not-QUIT teplevel ACL may not fail ('deny' verb used incorrectly)
-1999-03-02 09:44:33 ACL for QUIT returned ERROR: "deny" is not allowed in a QUIT or not-QUIT ACL
+1999-03-02 09:44:33 ACL for QUIT returned ERROR: QUIT or not-QUIT teplevel ACL may not fail ('deny' verb used incorrectly)
250 OK id=10HmaY-0005vi-00\r
221 Your message here\r
220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
-221 myhost.test.ex closing connection\r
+221 Your message here\r
220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
250 OK\r
221 myhost.test.ex closing connection\r
git://git.exim.org / users / jgh / exim.git / commitdiff