2017-04-08
Doing things the clever way in Exim ACLs by exploiting ACL message variables
Someone recently brought a problem to the Exim mailing list where,
as we originally understood it, they wanted to reject messages at
SMTP time if they had a certain sender, went to certain recipients,
and had a specific message in their Subject:. This is actually a
little bit difficult to do straightforwardly in Exim because of the
recipients condition.
In order to check the Subject: header, your ACL condition must
run in the DATA phase (which is the earliest that the message
headers are available). If you don't need to check the recipients,
this is straightforward and you get something like this:
deny
senders = <address list>
condition = ${if match{$h_subject:}{Commit}}
message = Prohibited commit message
The problem is in matching against the recipients. By the DATA phase
there may be multiple recipients, so Exim doesn't offer any simple
condition to match against them (the recipients ACL condition is
valid only in the RCPT TO ACL, although Exim's current documentation
doesn't make this clear). Exim exposes the entire accepted recipients
list as $recipients, but you have to write a matching expression for
this yourself and it's not completely trivial.
Fortunately there is a straightforward way around this: we can do
our matching in stages and then accumulate and communicate our match
results through ACL message variables. So if we want to match
recipient addresses, we do that in the RCPT TO ACL in a warn
ACL stanza whose only purpose is providing us a place to set an ACL
variable:
warn recipients = <address list> set acl_m0_nocommit = 1
(After all, it's easy to match the recipient address against things
in the RCPT TO ACL, because that's a large part of its purpose.)
Then in our DATA phase ACL we can easily match against $acl_m0_nocommit
being set to 1. If we're being extra-careful we'll explicitly set
$acl_m0_nocommit to 0 in our MAIL FROM ACL, although in
practice you'll probably never run into a case where this matters.
Another example of communicating things from RCPT TO to DATA
ACLs is in how we do milter-based spam rejection.
Because DATA time rejection applies to all recipients and not all
of our users have opted in to the same level of server side spam
filtering, we accumulate a list of everyone's spam rejection level
in the RCPT TO ACLs, then work out the minimum level in the DATA
ACLs. This is discussed in somewhat more detail in the sidebar
here.
In general ACL message variables can be used for all sorts of communication across ACL stanzas, both between different ACLs and even within the same ACL. As I sort of mentioned in how we do MIME attachment type logging with Exim, our rejection of certain sorts of attachments is done by recording the attachment type information into an ACL message variable and then reusing it repeatedly in later stanzas. So we have something like this:
warn
# exists just to set our ACL variable
[...]
set acl_m1_astatus = ${run [...]}
deny
condition = ${if match{$acl_m1_astatus} {\N (zip|rar) exts:.* .(exe|js|wsf)\N} }
message = ....
deny
condition = ${if match{$acl_m1_astatus} {\N MIME file ext: .(exe|js|bat|com)\N} }
message = ....
deny
condition = ${if match{$acl_m1_astatus} {\N; zip exts: .zip; inner zip exts: .doc\N} }
message = ....
[...]
(Note that these conditions are simplified and shortened from our real versions.)
None of this is surprising. Exim's ACL message variables are variables, and so you can use them for communicating between different chunks of code just as you do in any other programming language. You just have to think of Exim ACLs and ACL stanzas as being a programming language and thus being something that you can write code in. Admittedly it's a peculiar programming language, but then much of Exim is this way.
Wayland is now the future of Unix graphics and GUIs
The big Unix graphics news of the past week is that Ubuntu threw in the towel on their Unity GUI and with it their Mir display server (see the Ars story for more analysis). I say 'Unix' instead of 'Linux' here because I think this is going to have consequences well beyond Linux.
While there was a three-way fight for the future between Wayland, Ubuntu's Mir, and the default of X, it was reasonably likely that support for X was going to remain active in things like Firefox, KDE, and even Gnome. As a practical matter, Mir and Wayland were both going to support X programs, so if you targeted X (possibly as well as Wayland and/or Mir) you could run on everything and people would not be yelling at you and so on. But, well, there isn't a three-way fight any more. There is only X and Wayland now, and that makes Wayland the path forward by default. With only one path forward, the pressure for applications and GUI environments to remain backwards compatible to X is going to be (much) lower. And we already know how the Gnome people feel about major breaking changes; as Gnome 3 taught us, the Gnome developers are perfectly fine with them if they think the gain is reasonable.
In short: running exclusively on Wayland is the future of Gnome and Gnome-based programs, which includes Firefox; I suspect that it's also the future of KDE. It's not an immediate future, but in five years I suspect that it will be at least looming if not arriving. At that point, anyone who is not running Wayland will not be getting modern desktop software and programs and sooner or later won't be getting browser security fixes for what they currently have.
People run desktop software on more Unixes than just Linux. With Gnome and important desktop apps moving to Wayland, those Unixes face a real problem; they can live with old apps, or they can move to Wayland too. FreeBSD is apparently working seriously on Wayland support (cf), and at one point a Dragonfly BSD developer had Wayland running there. OpenBSD? Don't hold your breath. Solaris? That's up to Oracle these days but I don't really expect it; it would be a lot of work and I can't imagine that Oracle has many customers who will pay for it. Illumos? Probably not unless someone gets very energetic.
With that said, old X programs and environments are not going to
suddenly go away. Fvwm will be there for years
or decades to come, for example, as will xterm and any number of
other current X programs and window managers. But people who are
stuck in X will also be increasingly stuck in the past, unable to
run current versions of more and more programs.
(For some people, this will be just fine. We're probably going to see a fairly strong sorting function among the free Unixes for what sort of person winds up where, which is going to make cultural issues even more fun than usual.)
PS: Some people may sneer at 'desktop software and programs', but this category includes quite a lot of things that are attractive but by and large desktop agnostic, like photography programs, Twitter clients, and syndication feed readers. Most modern graphical programs on Unix are built on top of some mid-level toolkit like GTK+ or QT, not on basic X stuff, because those mid-level toolkits make it so much faster and easier to put together GUIs. If and when those toolkits become Wayland-only and the latest versions of the programs move to depend on recent versions of the toolkits, the programs become Wayland-only too.