Implementing 'and' conditions in Exim SMTP ACLs the easy way (and in Exim routers too)

September 29, 2020

One of the things that makes Exim a powerful mailer construction kit is that it has a robust set of string expansions, which can be used to implement conditional logic among other things (examples include 1, 2, 3, and 4). However, this power comes with an obscure, compact syntax that's more or less like a Lisp, but not as nice, and in practice is surprisingly easy to get lost in. String expansions have an 'if' so you can implement conditional things and since they have an 'if' they have the usual boolean operators, including 'and'. I've written my share of these complicated conditions, but I've never really been happy with how the result came out.

Today, I was writing another Exim ACL statement that was conditional, with two parts that needed to be anded together, and I realized that there was a simpler approach than using the power and complexity of '${if and{....}'. Namely, multiple 'condition =' requirements are ANDed together (just as all requirements are, to be clear). In my case it was clearly simpler to write my two parts separately as:

deny
   condition = ....
   condition = ....
   [... etc ...]

I actually did the multiple 'condition =' version as a quick first version for testing, then rewrote it as a nominally proper single 'condition =' using '${if and{...}', then went back and reversed the change because the revised version was both longer and less clear.

This works in Exim routers as well as ACLs, since routers also use 'condition =' as a general precondition.

(This isn't going to be universally more readable, but nothing ever is. Also, I carefully put a comment in my new ACL statement to explain why I was doing such an odd looking thing, although in retrospect the comment's not quite as clear and explanatory as I'd like.)

PS: I'm not sure why this hasn't occurred to me before, since I've always known that multiple requirements in ACLs and Exim routers must all be true (ie are ANDed together). Possibly I just never thought to use 'condition =' twice and fell into the trap of always using the obvious hammer of '${if and{...}'.

Written on 29 September 2020.
« Why the Unix newgrp command exists (sort of)
How the Unix newgrp command behaved back in V7 Unix »

Page tools: View Source, Add Comment.
Search:
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Tue Sep 29 20:56:15 2020
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.